No connection

Search Results

Crypto security Bearish

North Korean IT Workers Infiltrated DeFi Platforms for Seven Years, Researcher Warns

Apr 06, 2026 06:04 UTC

A cybersecurity analyst has revealed that North Korean IT workers have been embedding themselves in crypto companies and DeFi projects for at least seven years. Taylor Monahan, a MetaMask developer and security researcher, claims over 40 DeFi platforms have been infiltrated by these workers.

  • North Korean IT workers have infiltrated over 40 DeFi platforms over seven years.
  • The Lazarus Group is linked to major crypto heists, including the $625 million Ronin Bridge exploit, $235 million WazirX hack, and $1.4 billion Bybit heist.
  • Drift Protocol's $280 million exploit is suspected to be the work of a North Korean state-affiliated group.
  • Tim Ahhl, founder of Titan Exchange, encountered a Lazarus operative during an interview process.
  • The U.S. Office of Foreign Assets Control offers resources for crypto businesses to screen against sanctions and fraud patterns.

Security researcher Taylor Monahan has disclosed that North Korean IT workers have been infiltrating decentralized finance (DeFi) platforms for at least seven years, according to a recent report. Monahan, a MetaMask developer and security researcher, stated that over 40 DeFi platforms, some of which are well-known, have had North Korean IT workers involved in their protocols. The Lazarus Group, a North Korean-affiliated hacking collective, has been linked to high-profile crypto heists, including the $625 million Ronin Bridge exploit in 2022, the $235 million WazirX hack in 2024, and the $1.4 billion Bybit heist in 2025. Monahan’s comments followed the Drift Protocol’s recent announcement that it had 'medium-high confidence' the $280 million exploit was carried out by a North Korean state-affiliated group. Tim Ahhl, founder of the Titan Exchange, shared an experience where a candidate turned out to be a Lazarus operative, highlighting the sophistication of these infiltrations. The U.S. Office of Foreign Assets Control provides a website for crypto businesses to screen counterparties against updated OFAC sanctions lists and identify patterns consistent with IT worker fraud.

Sign up free to read the full analysis

Create a free account to unlock full AI-curated market articles, personalized alerts, and more.

Create Free Account Already have an account? Sign In
Share this article

Stay Ahead of the Markets

Join thousands of traders using AI-powered market intelligence. Get personalized insights, real-time alerts, and advanced analysis tools.

Get Started Free View Plans
Features Terminal AI Assistant Analysis Market News Pricing
Start Trading with AI Already have an account? Sign In
Home
Terminal
AI
Markets
Profile