{"id":34797,"date":"2026-07-18T06:19:28","date_gmt":"2026-07-18T06:19:28","guid":{"rendered":"https:\/\/bitunikey.com\/news\/consensys-halts-releases-after-north-korea-linked-developer-gains-access\/"},"modified":"2026-07-18T06:19:52","modified_gmt":"2026-07-18T06:19:52","slug":"consensys-halts-releases-after-north-korea-linked-developer-gains-access","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/consensys-halts-releases-after-north-korea-linked-developer-gains-access\/","title":{"rendered":"Consensys halts releases after North Korea-linked developer gains access"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Consensys has temporarily halted product releases after a North Korea-linked consultant gained access to its systems for about one month.<\/p>\n<div id=\"cn-block-summary-block_6099a069eb461644e70d591d71d410c9\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Consensys halted product releases after a North Korea-linked consultant accessed its systems for one month.<\/li>\n<li>An internal investigation found no stolen assets, exposed data, malicious code, or user harm.<\/li>\n<li>Consensys will review contractor screening as North Korean operatives increasingly target crypto firms.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Drop Site News <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.dropsitenews.com\/p\/consensys-metamask-crypto-wallet-hired-north-korean-hacker?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share\" target=\"_blank\" rel=\"nofollow\">reported<\/a> that the developer joined the Ethereum software company under the alias \u201cTyler Knapp\u201d and used the GitHub handle \u201cimyugioh.\u201d Public GitHub records reviewed by the outlet showed that the consultant began contributing code on March 9 before his access ended in April.<\/p>\n<p>Internal messages obtained by Drop Site showed that Knapp worked on core MetaMask platform code, including sections used to connect crypto users with third-party fiat payment providers. Consensys suspended product releases during its investigation and instructed staff to avoid contact with the consultant, according to the report.<\/p>\n<p>Consensys general counsel Matt Corva told Drop Site that an established third-party service provider introduced Knapp to the company. Corva stressed that Consensys treated him as a consultant rather than a direct employee.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cVery quickly after being introduced, we discovered the threat, followed our security protocols, immediately terminated any access and launched a comprehensive investigation that confirmed there was no misappropriation of assets or data, no malicious code deployed, and no impact to user safety and security.\u201d<\/p>\n<\/blockquote>\n<p>Although Consensys disclosed no financial losses, Corva said in a statement that the company would reassess how it outsources engineering and development work. The firm also notified law enforcement and provided information about the incident, according to internal communications reviewed by Drop Site.<\/p>\n<h2 class=\"wp-block-heading\">Consensys found no loss of user assets<\/h2>\n<p>Consensys\u2019 investigation found no evidence that the consultant stole company data or digital assets, inserted harmful code, or compromised users, according to Corva. The company did not publicly explain how it established the developer\u2019s alleged ties to the Democratic People\u2019s Republic of Korea.<\/p>\n<p>Even without a confirmed loss, developer access can expose sensitive infrastructure. According to TRM Labs, developer environments have become one of the quickest paths for attackers seeking access to systems that hold private keys or approve crypto withdrawals.<\/p>\n<p>A six-month investigation supported by the Ethereum Foundation\u2019s ETH Rangers Program <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/blog.ethereum.org\/en\/2026\/04\/16\/eth-rangers-recap\" target=\"_blank\" rel=\"nofollow\">shows<\/a> that the hiring threat extends beyond Consensys. The Ketman Project identified about 100 suspected North Korean IT workers using false identities across 53 crypto and Web3 projects, according to an ETH Rangers recap published in April.<\/p>\n<p>Ketman investigators also traced at least three suspected groups across 11 code repositories, where projects had merged 62 pull requests before detecting the activity. The project reported that some applicants used generated profile pictures, forged identity documents and false Japanese identities to pass screening checks.<\/p>\n<h2 class=\"wp-block-heading\">North Korea remains crypto\u2019s largest hacking threat<\/h2>\n<p>North Korea-linked groups have repeatedly used fake identities and remote engineering jobs to gain entry to technology companies. As crypto.news reported in November, Opsek founder and Security Alliance member Pablo Sabbatella warned at Devconnect Buenos Aires that North Korean workers could be embedded in as many as one-fifth of crypto companies.<\/p>\n<p>Sabbatella also estimated that North Korean applicants account for roughly 30% to 40% of job applications received by crypto firms, suggesting that employment fraud is not limited to isolated cases.<\/p>\n<p>Crypto companies face added risk because employees and contractors can receive access to code, wallets and transaction systems. TRM Labs estimated that North Korea was responsible for 64% of the value stolen in crypto hacks during 2025, when total losses exceeded $2.7 billion. TRM Labs<\/p>\n<p>One attack accounted for much of the damage. The FBI attributed the February 2025 theft of about $1.5 billion from Bybit to North Korea\u2019s TraderTraitor group, which dispersed the assets across thousands of blockchain addresses. FBI<\/p>\n<p>TRM Labs reported that more than 30 exchanges and decentralized finance protocols now share rapid alerts through its Beacon Network when North Korea-linked funds reach participating platforms. For Consensys, the consultant\u2019s removal prevented any known user loss, but the incident has prompted a review of the company\u2019s third-party hiring controls.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Consensys has temporarily halted product releases after a North Korea-linked consultant gained access to its systems for about one month. Summary Consensys halted product releases after a North Korea-linked consultant&hellip;<\/p>\n","protected":false},"author":1,"featured_media":34798,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-34797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=34797"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34797\/revisions"}],"predecessor-version":[{"id":34799,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34797\/revisions\/34799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/34798"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=34797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=34797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=34797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}