MetaMask security researcher Taylor Monahan revealed that North Korean IT workers have been quietly embedded in decentralized finance projects since at least 2020, with over 40 DeFi platforms allegedly employing these state-sponsored developers at some point. The revelation comes following the Drift Protocol hack and highlights a broader security threat to the crypto industry. These workers, often presenting with legitimate technical backgrounds and 'seven years blockchain development experience' on their resumes, have been building the infrastructure for protocols while potentially creating backdoors for future exploits. The tactics involve sophisticated social engineering through job postings, LinkedIn outreach, and video interviews, though they typically avoid in-person meetings. The researcher warns that this represents a long-term infiltration strategy that could affect numerous protocols beyond those already compromised.
North Korean IT Workers Infiltrating DeFi Projects for Years, Researcher Warns
C
Crypto Times
Tuesday, April 7, 2026·5 min read·Security
Source: cryptotimes.io·This article is an original analysis by CryptoFirst based on publicly available information.
#north-korea#defi#infiltration#security#social-engineering
Disclaimer: CryptoFirst provides news analysis for informational purposes only. This is not financial advice. Cryptocurrency investments are subject to market risks. Please do your own research before making any investment decisions.