In the smoky chamber of the Ethereum Foundation, a revelation arrived like a bureaucratic specter: a hundred DPRK-linked IT souls, masquerading as coders, were scattered through fifty-three crypto dominions.
The Ethereum Foundation Elevates Security with a Detective Program
These North Korean crypto-spies do not rest; so the Foundation, in a moment of bureaucratic romance, donned the detective’s hat to track them before they could sneak off and break more than a few smart contracts, just as Drift Protocol did at the dawn of the month. Thus, yesterday afternoon the Foundation proclaimed in a blog post the stark results yielded by the ETH Rangers Program-and yes, everything related to North Korean hackers inevitably sounds like an RPG boss battle.
The ETH Rangers Program has wrapped up and the results speak for themselves: $5.8M+ recovered, 785+ vulnerabilities reported, 100+ DPRK operatives identified, and so much more.
A decentralized defence for a decentralized network.
Read the full recap
– EF Ecosystem Support Program (@EF_ESP) April 16, 2026
In the annals of the blog, the Ethereum Foundation joined forces with Secureum, The Red Guild, and Security Alliance (SEAL) in late 2024 to conjure this program. The venture offered stipends to those performing public‑goods security work across the Ethereum cosmos, as if a stipend could buy a decent night’s sleep for a weary network.
The program’s mission consisted in backing independent security initiatives that strengthen Ethereum’s overall robustness, while spotlighting and rewarding contributors with a proven history of delivering high‑impact security work for the broader network.
After six months, the results of the program speak for themselves.
The DPRK Crypto-Infiltration Saga, Parth Who-Is-Even-Counting-At-This-Point
The ETH Rangers Program funded multiple crypto-security projects, but the Ketman Project was the one “focused on discovering and expelling North Korean (DPRK) IT workers who have infiltrated blockchain projects under fake identities”, per the blog post.
Over the six months of the investigation, they contacted roughly 53 different projects and uncovered around 100 DPRK IT operatives embedded inside Web3 organizations.
Their findings were shared in a series of detailed reports on ketman.org, which drew more than 3,300 active users and 6,200 page views, and explored themes such as account‑takeover techniques, the infiltration of freelance platforms, and emerging DPRK‑Russia ties. They also built and open‑sourced gh‑fake‑analyzer, a GitHub profile analysis tool designed to flag suspicious activity patterns, which is now available via PyPI.
In addition, they co‑authored the DPRK IT Workers Framework with SEAL, a document that has quickly become a go‑to reference for the industry, and supplied crucial data to the Lazarus.group threat‑intel project, with their work highlighted in a presentation at DEF CON.
Overall Results Of The Ethereum Program
The work produced by the 17 stipend recipients cover everything from vulnerability research and security tooling to education, threat intelligence, and hands‑on incident response.
According to the Ethereum Foundation, more than $5.8 million in funds have been recovered or frozen, while over 785 vulnerabilities, client bugs, and proof‑of‑concept exploits have been reported or documented. The Program has also helped identify around 100 DPRK state‑sponsored operatives embedded across multiple teams, and its threat‑intelligence and investigative content has reached over 209,000 viewers and users.
On the builder side, more than 800 teams have taken part in sponsored security challenges and investigations, supported by over 80 workshops, talks, and technical or educational resources. The initiative has coordinated responses to more than 36 security incidents and driven the creation or improvement of at least seven open‑source tooling repositories, frameworks, and implementations that further harden the ecosystem.
The Saga Continues
The DPRK-linked hacks continue to be a serious issue amongst the crypto community. Recently, key actors have been less lenient and more active in trying to uncover and stop their threat.
Let’s remember that, following the attribution of the April 1st $285 million attack on Drift Protocol to UNC4736, a North Korea-aligned, state‑sponsored hacking group, crypto detective ZachXBT uncovered an internal North Korean payment server tied to 390+ accounts, chat logs, and transaction histories.
A few weeks ago, some crypto builders confessed on the social network X that they are passing tests during interviews to developers to make sure they are not North Korean agents.
Investing in visible, transparent security collaborations (like EF’s backing of ETH Rangers/Ketman/SEAL) may deserve a premium in risk models, while protocols with opaque teams and loose hiring are increasingly “headline risk” candidates.
Cover image from Perplexity. ETHUSD chart from Tradingview.
Read More
- Silver Rate Forecast
- Gold Rate Forecast
- Brent Oil Forecast
- Stablecoins, RWAs, and the Crypto Industry’s Midlife Crisis
- EUR NZD PREDICTION
- USD RUB PREDICTION
- CNY JPY PREDICTION
- Bitcoin Treasuries in Crisis? What’s Going On?!
- MiCA Deadline Myth Busted: July 1 Is Too Late for Most Crypto Firms
- USD MXN PREDICTION
2026-04-17 21:27