Ethereum Security Group Says 100+ North Korean Operatives Infiltrated Web3 Firms

It is alleged that more than 100 people operating for North Korea have infiltrated Web3 companies.

This news emerged through the ETH Rangers program, an initiative dedicated to promoting cybersecurity in the world of blockchains. According to their investigation, the suspects have managed to access the Web3 companies through the use of false identities, remote work options, and organized scams within the recruitment process. This new development has raised fresh concerns about the threat posed by insiders in the cryptocurrency market.

According to the investigation report, the suspects were posing as software developers, smart contract engineers, DevOps experts, UI designers, and other professionals in order to secure employment in DeFi, NFT, gaming, infrastructural, and blockchain-related applications. When employed, they received monthly payments that ranged between $3,000 to $8,000, and they were able to access the systems and, in some cases steal confidential information from the startups.

Unlike conventional cyberattacks, this particular one has involved human infiltration into the systems. Researchers say that Web3 firms are vulnerable because of their remote working policies, global recruitment procedures, and speed when acquiring talent. In 2025 alone, more than 65% of blockchain companies hired at least some of their employees online.

Advanced Deception Tactics
ETH Rangers revealed that most of these suspected agents used fake CVs, fake employment history, and fake identities to get jobs. Some of these individuals reportedly used AI-generated or augmented profiles to make authentic online presences. Others are said to have used several names while applying to different firms concurrently, with some individuals applying to between 10 and 20 firms at once.

Another feature of these operations is that they often involve networks of people working together. These networks share devices, coordinate interview processes, use proxy infrastructures to obfuscate their locations, and funnel money earned to intermediaries. Investigators estimated that some of these networks earned millions of dollars each year from remote.

Blockchain analytics firms revealed that North Korea-backed hacking groups siphoned over $1.3 billion worth of cryptocurrencies in 2024.

According to industry experts, these revelations should be used as a wakeup call for Web3 founders and recruiters. The suggested methods include identity verification, live video interviews, background checks, device security assessments, access to source code restriction, multisig wallets for treasury management, and permission levels for newcomers. According to cybersecurity experts, implementing these processes may help lower insider threats by 40% to 60%.

Bigger Challenge for Web3
These revelations come amid mounting pressures on the crypto community to enhance its governance, transparency, and security due to several hacks, collapses, and instances of fraud in the past few years. In 2025, it was estimated that the total losses incurred by the industry in hacks, scams, and exploits amounted to over $2 billion.

With regards to the broader Web3 community, the findings made by ETH Rangers reinforce a central truth in today’s digital world - the next attack may come not in the form of anonymous hackers launching attacks from outside, but from an insider who has been brought in to work for the very company being attacked.