Project Ketman exposed 100 North Korean IT workers in the crypto industry 👀

Project Ketman exposed 100 North Korean IT workers in the crypto industry 👀

Market Analysis

April 17, 2026

The issue of North Korean IT operatives in crypto has long gone beyond theory, but now another concrete slice of the scale has appeared. The Ketman project, which was developed within the Ethereum Foundation fellowship program, reported that it helped identify around 100 IT workers from the DPRK who were operating in Web3 under false identities. At the same time, the team reached out to approximately 53 projects where such people may have been working.

What happened

In the summary of the Ethereum Foundation program, it is noted that Ketman was focused on identifying and pushing out North Korean IT workers who were infiltrating blockchain teams under the guise of ordinary remote specialists. Over several months, the project not only identified dozens of such people, but also published materials about their tactics – from infiltrating through freelance platforms to working with open repositories and fake profiles.

Why this matters

The problem here is not only that someone got a job under another person’s name. For the crypto industry, this is a risk of direct access to code, internal infrastructure, key processes, and sensitive data. That is exactly why the Ketman story looks much more serious than simply exposing fake résumés.

  • Ketman identified around 100 IT workers linked to the DPRK
  • the team warned approximately 53 projects
  • the risk concerns not only hiring, but also access to internal systems and code

Why this is already a systemic issue

In March, the US Treasury reported that schemes involving DPRK IT workers brought the regime almost $800 million in 2024 alone. This shows that this is not about isolated episodes, but about a large and well-organized model of infiltration into international business, including the crypto sector.

Conclusion

The Ketman story shows that the North Korean presence in the crypto industry – is no longer an abstract threat, but a practical problem for teams that work with code, money, and remote hiring. The identification of 100 people and warnings to 53 projects – is a strong signal to the entire market: checking contractors, developers, and access rights has long stopped being a formality. For Web3, this is already part of basic security.

Read also