In brief
- The Ethereum Foundation reported that a six-month program helped detect around 100 DPRK IT workers across 53 crypto projects.
- The report follows a record-breaking year for North Korean hackers, who stole around $2 billion worth of crypto in 2025.
- Meanwhile, two individuals that helped DPRK IT workers infiltrate U.S. companies received multi-year prison sentences in the U.S.
North Korea’s hacking spree has kept the crypto industry on high alert for years, but the Ethereum Foundation has indicated that the tide could turn in a matter of months.
Establishing a program with blockchain security groups helped expose around 100 IT workers associated with the Democratic People’s Republic of Korea, the Swiss nonprofit said in a blog post published on Thursday, noting that the discoveries took place over half a year.
The Ethereum Foundation outlined how the ETH Rangers Program also led to the detection of hundreds of vulnerabilities and prompted dozens of incident responses, but the tally of DPRK-linked individuals hints at the scope of the challenge in human terms.
The ETH Rangers Program has wrapped up and the results speak for themselves: $5.8M+ recovered, 785+ vulnerabilities reported, 100+ DPRK operatives identified, and so much more.
A decentralized defence for a decentralized network.
Read the full recap 👇
— EF Ecosystem Support Program (@EF_ESP) April 16, 2026
In 2023, a United Nations report found that the DPRK has dispatched between 3,000 and 10,000 IT workers overseas. Recent numbers published in conjunction with the U.S. State Department found that as many as 1,500 of them were located in China, with plans to send more to Russia.
Research bankrolled by the Ethereum Foundation identified DPRK workers across roughly 53 crypto projects who were committed to helping the so-called Hermit Kingdom pull off its next heist.
Those detections were spearheaded by the Ketman Project, which also co-authored a framework for identifying DPRK workers with an organization called the Security Alliance (SEAL). “This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the Foundation said.
The ETH Rangers Program benefited blockchain sleuth Nick Bax, who identified and notified more than 30 teams that DPRK workers were on their payroll. Ultimately, he was able to help freeze hundreds of thousands of dollars in crypto that bad actors had received.
Last year, blockchain security firm Chainalysis found that North Korean hackers had stolen a record-breaking $2 billion in crypto, a 51% jump from the previous year. DPRK workers frequently snake their way inside services to gain privileged access, the firm stated.
The theft of $285 million in crypto from Drift Protocol this month heightened fears after the Solana-based decentralized exchange determined that it had fallen victim to a months-long social engineering hack masterminded by North Korean hackers.
On Wednesday, North Korea celebrated the birthday of its founder, Kim Il Sung. But the nation’s most important holiday coincided with disappointment for DPRK affiliates in the U.S.
The Justice Department reported that two U.S. nationals who helped DPRK workers pose as Americans to gain access to 100 companies had been sentenced to at least seven years in prison. Each had pleaded guilty to wire fraud and money-laundering conspiracy charges.
For their roles in helping funnel millions of dollars from victimized U.S. companies overseas, the individuals received $700,000, authorities said. The DOJ noted, however, that eight defendants indicted in connection with the scheme remained on the loose.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
