IT specialists from North Korea did this for at least seven years.
North Korean IT specialists have been securing jobs in decentralized finance (DeFi) projects for at least seven years. MetaMask developer and security specialist Taylor Monahan made this claim.
According to her, many well-known protocols in the industry, including projects from the “DeFi summer” era, were created with participation from North Korean specialists.
Related: Maryland Man Charged With Stealing $53 Million From DeFi Platform Uranium Finance
“The “7 years blockchain dev experience” on their resume is not a lie,” Monahan noted.
Scale of Infiltration
Monahan stated that at least 40 DeFi projects have had North Korean developers on their teams at various times. Among the platforms she mentioned are SushiSwap, Thorchain, Fantom, Yearn Finance, and others.
Related: Bank of Canada Finds DeFi Lending Viable, But Messy
The statement followed an admission from Tim Ahl, founder of Solana aggregator Titan. He revealed that in a previous job, he interviewed a candidate who later turned out to be connected to the Lazarus hacking group. The candidate attended video interviews but refused an in-person meeting. His name later appeared in Lazarus data leaks.
Expert Reaction and Security Measures
Blockchain detective ZachXBT confirmed that Lazarus Group is a collective name for all cyber units backed by North Korea. He noted that threats through job postings, LinkedIn, Zoom, and interviews are considered relatively unsophisticated, but attackers compensate with persistence.
Experts recommend crypto companies actively use counterparty verification tools. The US Treasury’s Office of Foreign Assets Control (OFAC) maintains a dedicated resource for sanctions screening and identifying common fraud patterns.
Taylor Monahan also published a knowledge base on GitHub about North Korean group activities in the crypto industry.
Related: Hackers Stole $169 Million From 34 DeFi Protocols—DefiLlama Q1 Report
