Registration
 
All news
Top Stories
Editors' Picks
Crypto News
Financial News
Currencies
Market Voices
Companies
Regulators News
Eugene Komchuk
Eugene Komchuk

MetaMask says North Korean operatives embedded in crypto firms for years

MetaMask says North Korean operatives embedded in crypto firms for years
Many crypto projects hired hackers from North Korea

​North Korean IT workers have been operating inside crypto companies and DeFi projects for at least seven years, according to security researcher and MetaMask developer Taylor Monahan.

She says dozens of DeFi protocols — including well-known platforms — may have used code developed by these specialists. At the same time, the “seven years of blockchain development experience” listed on their resumes is often genuine.

Experts link this activity to the Lazarus Group — a North Korean-affiliated hacking collective. According to analysts at R3ACH, the group has stolen around $7 billion in crypto since 2017. Among the most high-profile attacks are the $625 million Ronin Bridge hack, the $235 million WazirX exploit, and the $1.4 billion Bybit heist.

New concerns intensified after the $280 million exploit of Drift Protocol. The project said there is a high probability that the attack was carried out by actors linked to North Korea.

A long-running scheme

Industry insiders confirm that such tactics have been used for years. Titan Exchange founder Tim Ahhl said his team once interviewed a candidate who later turned out to be linked to Lazarus. According to him, the candidate appeared highly professional and participated in video interviews but avoided meeting in person. His name was later found in a database associated with the hacking group.

In the case of Drift Protocol, the situation was even more complex. According to the investigation, the interaction did not involve North Korean nationals directly, but rather intermediaries with fully constructed identities — including work histories, public profiles, and professional networks.

The main threat to the crypto market

The scale of the problem is far greater than it may seem. According to Chainalysis, hackers stole more than $3.4 billion in crypto in 2025, with the majority of those attacks linked to North Korea. In just one year, DPRK-affiliated groups accounted for about $2.02 billion — roughly 60% of total industry losses.

In fact, this points to the dominance of a single actor. Reports show that North Korean groups, including Lazarus, are responsible for up to three-quarters of attacks on crypto platforms, and their operations tend to cause significantly greater damage than those of other hackers.

At the same time, the Lazarus Group is no longer targeting only companies and startups. Recently, it expanded its operations to individual investors, stealing $5.2 million from a trader.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Editor's Picks for You

From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • By Mikhail Vnuchkov
  • Yesterday
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
Editors' Picks
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
  • By Eugene Komchuk
  • 12.06.2026
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
Editors' Picks
How precious-metals mining revival is reshaping portfolios in 2026
  • By Ciaran Ryan
  • 11.06.2026
How precious-metals mining revival is reshaping portfolios in 2026
Editors' Picks
All Editors' Top Picks

Latest Crypto News

Anthropic export curbs follow Amazon-linked warning over AI model security
  • By Dan Blystone
  • Yesterday
Anthropic export curbs follow Amazon-linked warning over AI model security
Crypto News
#Crypto #AI #Anthropic
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • By Mikhail Vnuchkov
  • Yesterday
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
Editors' Picks
#WLD #Arthur Hayes #Crypto #HYPE
Y Combinator backs Clarity Act as catalyst for broader crypto use across portfolio companies
  • By Dan Blystone
  • 12.06.2026
Y Combinator backs Clarity Act as catalyst for broader crypto use across portfolio companies
Crypto News
#Crypto #NFA
All Crypto News
  • Mikhail Vnuchkov
  • Yesterday
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • Eugene Komchuk
  • 12.06.2026
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
  • Ciaran Ryan
  • 11.06.2026
How precious-metals mining revival is reshaping portfolios in 2026
  • Mikhail Vnuchkov
  • 11.06.2026
Bitcoin price prediction after CPI rise: Is BTC headed for deeper losses?
  • Eugene Komchuk
  • 10.06.2026
Five years with Bitcoin: How El Salvador changed after legalizing BTC
  • Jose Antonio Gastelum
  • 1 hour ago
Football meets crypto in growing trend, Vugar Usi Zade notes
  • Elena Nikulina
  • 2 hours ago
Lia Holmgren: High beta portfolios allocated to semis and airlines
  • Yaroslav Dmytrenko
  • 2 hours ago
Alan Rogers: Bitcoin and Ethereum climb after U.S. peace deal with Iran
  • Mikhail Vnuchkov
  • 3 hours ago
Generating $416,000 per month from 139 clients, MATT GRAY notes
  • Yulia Slavina
  • 4 hours ago
Jeremy Horpedahl: Asian market gains mostly under 2 percent despite Iran deal speculation
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.
Top News
  • Olga Shendetskaya
  • 9 min ago
U.S. futures jump as Iran deal lifts global markets
U.S. futures jump as Iran deal lifts global markets
  • Eugene Komchuk
  • 1 hour ago
Oil prices fall after announcement of U.S.-Iran agreement
Oil prices fall after announcement of U.S.-Iran agreement
  • Mikhail Vnuchkov
  • Yesterday
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • Eugene Komchuk
  • 12.06.2026
Sam Bankman-Fried fails to challenge FTX conviction
Sam Bankman-Fried fails to challenge FTX conviction
  • Olga Shendetskaya
  • 12.06.2026
BlackRock loses ETF lead as Vanguard fund inflows accelerate
BlackRock loses ETF lead as Vanguard fund inflows accelerate
Live News
  • Anton Kharitonov
  • Now
Microsoft slides again as capex continues to weigh on shares
  • Anton Kharitonov
  • Now
Apple recovers as improving risk appetite boosts demand for equities
  • Mykhailo Ihnatenko
  • Now
Moderna eyes breakout as investors focus on its next growth drivers
  • Anton Kharitonov
  • Now
Bitcoin recovers as risk appetite improves despite weak institutional demand
  • Anton Kharitonov
  • Now
WTI continues to decline amid progress in U.S.-Iran talks
Who We Are
Business Solutions
For Users
TU News
Popular Sections
Disclosures
CONTACT US
Legal
We are in Social Media
© IAFT Ltd., 2010-2026 All rights to the website are owned by IAFT Ltd.,
Registration number - HE 336186
  • Risk disclosure:

    Information on the TradersUnion.com website is for informational purposes only and does not constitute any motive or suggestion to visitors to invest money. Moreover, we hereby warn you that trading on the Forex and CFD markets is always a high risk. According to the statistics, 75-89% of customers lose the funds invested and only 11-25% of traders earn a profit. Trading in futures and options carries substantial risk of loss and is not suitable for every investor.

    That is why you should only invest money that you are prepared — or can afford — to lose at such high risks. Tradersunion.com does not provide any financial services, including investment or financial advisory services. Also, the Traders Union is not a broker and does not get money for trading in the Forex or CFD markets. Our website only provides information on brokers and the markets and helps its users to select the best brokerage company based on detailed information and objective analysis of brokers.

  • Disclaimer:

    Traders Union (TradersUnion.com) shall not be liable for the consequences of trading decisions made by the Client and for the possible loss of his capital resulting from the use of this website and information published on it.

    Forex market, CFD and cryptocurrency trading involves high risks and is not suitable for everyone. Before investing money, you need to adequately assess the level of your expertise and be aware of the risks, particularly in the context of trading with leverage. The information on this website is not intended for distribution or use by any person in any country or jurisdiction, where such distribution or use would be in violation of the local law or regulation. Any payments by Traders Union (TradersUnion.com) to the users of our website shall be legally interpreted solely as an incentive on our part for the activity on the website in the form of a deduction of a part of the advertising income; they shall not be a subject of any claims of our users or our obligations, a subject of disputes, as well as cannot be considered in relation to the services provided to users by brokers, both in fact and in their completeness and volume. The administration of the website shall not be liable for the content of user comments and reviews about the companies and shall not verify whether the authors of the reviews are indeed real clients of a specific company. All reviews, both negative and positive are published on the website without verification of their reliability; only offensive reviews that call for violence or any kind of discrimination and also reviews published from one group of IP addresses are moderated and removed. The authors of the materials shall be fully liable for the accuracy, completeness and impartiality of any information in the articles and reviews, including in the context of their use or mention of any brand names or trademarks. All mentions of the names of companies and their brands in any materials on the website shall be made in the context of communication of socially important information to the people about their activities by independent journalists, who are the authors. All evaluations and indicators on the website express the subjective opinion of the authors of the reviews (articles) and shall not be viewed as accurate statements and be a subject of disputes and claims against Traders Union.

  • Disclosure of advertisers and revenues:

    All the services on the Tradersunion.com website are free for you to use. Our team spends thousands of hours per annum researching brokers and gathering information about them to help investors all over the world to choose reliable companies and to avoid fraudsters.

    Indeed, the curating, sourcing, and organization of this process requires substantial financial investment by Tradersunion.com, which the website earns in the form of advertising payments. There are two types of advertising services on the website — direct advertising or partner (broker) participation programs. However, no services purchased by our partners shall affect the recommendations on our website, or our opinions, or ratings. Our ratings are based on our objective rating criteria and methodology; and the results are always equally and fairly applied to each broker. The work of our content authors and research groups does not involve any interaction with our advertisers and they do not have access to data concerning the amount of advertising purchased. For over 10 years we consider our independence, absolute openness, and objectivity as our main priority. Please follow the links to each of our affiliated broker’s websites. This will help Tradersunion.com to continue to provide our services to you for free.

onepercentfortheplanet.org World Association of News Publishers https://gdpr.eu/ GDPR