Overview
- The Ethereum Foundation, which disclosed results Thursday, said a six‑month ETH Rangers effort recovered about $5.8 million, documented more than 785 security flaws, and flagged over 100 DPRK-linked workers across the industry.
- The Ketman Project contacted roughly 53 teams about suspected hires, released an open-source GitHub scanner called gh-fake-analyzer, and co-authored a DPRK IT Workers Framework with Security Alliance, while keeping some methods and project names undisclosed.
- Investigators described repeat telltales such as reused profile photos and metadata across GitHub accounts, unrelated emails revealed during screen shares, and device language settings that conflicted with claimed locations, which helped surface fake identities.
- The Justice Department said Thursday that two Americans who helped DPRK workers pose as U.S.-based developers were sentenced to at least seven years, highlighting parallel legal pressure on networks that place operatives inside companies.
- Analysts link the infiltration model to North Korea’s Lazarus Group and years of major crypto thefts worth billions, and the $285 million Drift Protocol breach on April 1 has reinforced calls for stronger vetting and sanctions checks in hiring.