Ethereum Foundation uncovers 100 DPRK workers infiltrating 53 crypto projects
Ethereum Foundation says its ETH Rangers Program uncovered DPRK-linked labor in crypto hiring. Results: ~$5.8M recovered, 785+ vulnerabilities, 100+ operatives across 53 projects.
Ethereum Foundation: 100 DPRK-linked workers in 53 crypto projects; $5.8M recovered
The disclosure ties to the Ethereum ecosystem. Mentioned by the Foundation and partners. First mention of Ethereum (ETH) here.
The six‑month program coordinated with the Ketman Project and SEAL to flag behavioral, technical, and identity indicators of DPRK workers. Source: EF Ecosystem Support Program tweet, Ketman, Coinspeaker.

Source: Ketman
Key outcomes
- $5.8M+ recovered across program actions EF_ESP
- 785+ vulnerabilities reported EF_ESP
- 100+ DPRK-linked IT workers identified in 53 crypto projects EF_ESP
Quote from the Foundation: “A decentralized defence for a decentralized network.” EF_ESP
Constraints and scope
- Full identification methodology not public; affected projects not named Coinspeaker
- $5.8M includes all program recoveries, not only DPRK cases Coinspeaker
- 100+ count is within the program’s Ethereum scope, not an industry cap Coinspeaker
Independent work ran in parallel. Researcher Nick Bax notified 30+ teams about active DPRK-linked payrolls and helped freeze hundreds of thousands in funds Coinspeaker.
Criminal enforcement moved in tandem. The U.S. Justice Department said two Americans were sentenced to at least seven years for helping DPRK operatives pose as U.S.-based developers; eight more defendants remain at large Coinspeaker.
Operational takeaway for teams: the primary exposure is procedural. Gaps in remote hiring verification, background checks, and project-level sanctions controls allow long undetected infiltration Coinspeaker.








