When Crypto Becomes Industrial Espionage Territory
You might think the biggest threats to the crypto ecosystem come from hooded hackers or stern regulators. But here’s a new plot twist: North Korean IT workers quietly slipping into the development teams of blockchain projects, as if applying remotely with a fake resume has become Pyongyang’s national sport.
A program funded by the Ethereum Foundation, called the Ketman Project, has just pulled back the curtain on an infiltration operation of significant scale. In just six months, this initiative managed to identify around a hundred IT workers from the Democratic People’s Republic of Korea (DPRK), better known as North Korea, scattered across no fewer than 53 crypto industry projects.
The Ketman Project: A Headhunter for Counter-Intelligence
The name “Ketman” isn’t arbitrary: it references a practice of concealing one’s true beliefs to survive under an authoritarian regime — a rather fitting irony for a program whose sole purpose is to expose those hiding their identities.
In practice, the project functioned as a sort of intelligence service dedicated to the crypto industry. The team analyzed profiles, cross-referenced data, identified behavioral patterns and technical signatures characteristic of North Korean operators, then directly alerted the 53 affected projects about the presence of suspicious individuals in their ranks.
This funding through an Ethereum Foundation grant — a stipend awarded to initiatives deemed beneficial for the ecosystem — illustrates growing awareness: the security of human teams is just as critical as code security.
A Well-Documented Threat, But Underestimated
The infiltration of North Korean workers into the global tech sector isn’t new. American authorities, notably the FBI and the Treasury Department, have been sounding the alarm on this phenomenon for years. These workers, often highly skilled in software development, land freelance gigs or remote positions by concealing their actual location and nationality.
The objective is twofold: generate foreign currency for Kim Jong-un’s regime — thereby circumventing international sanctions — and potentially access sensitive information or introduce vulnerabilities into the systems they develop. In a sector where code is king and teams are often 100% distributed across the globe, verifying a developer’s real identity sometimes feels like an Olympic feat.
The crypto sector is particularly exposed for several reasons: hiring happens massively remotely, cryptocurrency payments facilitate transaction anonymity, and startups, often under-resourced in HR, sometimes lack the rigorous verification processes found in traditional large enterprises.
53 Projects Alerted: What Now?
One of the Ketman Project’s concrete contributions lies in its operational dimension: not just tallying suspects, but directly notifying the affected projects. This proactive approach allows impacted teams to conduct their own internal investigations and, where necessary, end problematic collaborations.
You can imagine the awkwardness of HR managers at these 53 projects receiving a message like: “Hello, your backend developer might actually be working for an internationally sanctioned regime. Have a nice day.”
Beyond the anecdote, this situation raises serious questions about recruitment practices in the industry: strengthened identity verification, KYC (Know Your Customer) processes applied to employees, HR team training on spotting red flags…
Putting It in Perspective: Crypto as a Mirror of Global Geopolitical Tensions
This affair reminds us, if we needed reminding, that blockchain doesn’t exist in a hermetically sealed bubble, isolated from global realities. Geopolitical tensions, authoritarian regimes, international sanctions — all of it eventually ends up at crypto’s table, often unexpectedly.
The fact that the Ethereum Foundation chose to fund this type of surveillance initiative is itself revealing of growing maturity in the ecosystem. Decentralization and anonymity are foundational values of the sector, but they shouldn’t serve as a screen for activities funding weapons programs or deliberately circumventing sanctions.
The Ketman Project is just the beginning. With the sector’s ongoing professionalization and the growing power of globally distributed teams, the question of who’s actually writing the code that billions in assets depend on will become increasingly central. Blockchain transparency isn’t enough if opacity reigns over the identities of those building it.