Ethereum Strikes Back: North Korea’s Crypto Hack Network Faces Major Crackdown

Safety sleuthing funded by means of the Ethereum Basis has led to the restoration or freezing of over US$5.8 million (AU$8.08 million) in stolen belongings, uncovered virtually 800 safety vulnerabilities, and recognized over 100 North Korean operatives working inside Web3 organisations.

The ETH Rangers Program has wrapped up and the outcomes converse for themselves: $5.8M+ recovered, 785+ vulnerabilities reported, 100+ DPRK operatives recognized, and a lot extra.

A decentralized defence for a decentralized community.

Learn the total recap

— EF Ecosystem Assist Program (@EF_ESP) April 16, 2026

This system, referred to as the ETH Rangers Program, ran for six months and funded the work of 17 unbiased investigators in a partnership between the Ethereum Basis, Secureum, The Purple Guild and Safety Alliance (SEAL). 

In the course of the 6-month program, one of many funded investigators constructed and scaled a system, referred to as the Ketman Mission, designed to determine and expel North Korean IT staff who had infiltrated blockchain tasks below pretend identities.

The Ketman Mission recognized over 100 North Korean IT staff working inside roughly 53 tasks inside Web3 organisations. The undertaking printed its findings on a public web site, ketman.org. 

The undertaking additionally developed and open-sourced a GitHub profile analyser referred to as gh-fake-analyzer designed to help in figuring out suspicious exercise related to North Korean operatives, and co-authored the DPRK IT Employees Framework with SEAL, which is now extensively used throughout the Web3 business.

One other participant in this system, Nick Bax, logged greater than 36 SEAL 911 tickets, one in all which included helping with the Loopscale exploit, ensuing within the return of US$5.8 million. He was additionally a part of a security group which recognized and notified over 30 organisations using North Korean IT staff and aided in freezing funds acquired by these staff within the vary of a number of a whole lot of hundreds of {dollars}.

One other notable final result from the ETH Rangers Program included the creation of an incident explorer constructed by SunSec and the DeFiHackLabs group, which permits customers to seek for and analyse over 620 DeFi safety incidents with proof-of-concept (PoC) exploits and root trigger evaluation.

Associated: Ethereum Foundation Launches $1M Audit Fund to Boost Blockchain Security

Faux North Korean IT Employees a Vital Challenge

The difficulty of North Korean IT staff assuming pretend identities and securing work inside organisations has been a problem for a number of years.

In 2023, a report from the United Nations discovered that someplace between 3,000 and 10,000 North Korean IT operatives had been working abroad. Research printed by the US Division of State in January suggests this drawback is continuous to unfold, discovering that as much as 1,500 North Korean IT staff are presently situated in China. It additionally uncovered North Korean plans to ship as much as 40,000 staff, together with many IT staff to Russia, and that North Korean IT staff are lively in quite a lot of different nations, together with Laos, Cambodia and Nigeria.

In the meantime, blockchain safety agency Chainalysis published findings in December that North Korean hackers had stolen US$2.02 billion (AUD$2.83 billion) in cryptocurrency all through 2025, a 51% improve over the earlier 12 months. This introduced the full quantity of crypto stolen by North Korea to US$6.75 billion (AUD$9.45 billion).

Associated: North Korean Fake Dev Ring Nets Millions as Crypto Firms Face Rising Insider Threat

Chainalysis additionally discovered that North Korea is now “attaining bigger thefts with fewer incidents,” by focussing on embedding IT staff inside crypto tasks, or utilizing refined social engineering operations to breach safety, reasonably than attacking numerous particular person wallets.

The submit Ethereum Strikes Back: North Korea’s Crypto Hack Network Faces Major Crackdown appeared first on Crypto News Australia.