IT Workers From North Korea Have Been Infiltrating DeFi Platforms for Past 7 Years

Research highlights long-term insider risks in decentralised finance projects

Advertisement
Written by Rahul Dhingra, Edited by Rohan Pal | Updated: 6 April 2026 14:55 IST
Highlights
  • Researcher links DPRK workers to over 40 DeFi platforms
  • Social engineering tactics used in major exploit cases
  • Lazarus group tied to multi-billion crypto thefts

Security concerns rise over insider threats in decentralised finance systems

Photo Credit: Unsplash/Shubham Dhage

Security researcher Taylor Manonan has claimed that North Korean IT workers have been infiltrating DeFi platforms for the past 7 years. This includes over 40 DeFi platforms, which she listed in a post on X. She further added that seven years of DeFi experience on their resumes is not a lie, cause they have built all the critical protocols that run on each of these DeFi platforms. This data revelation came hours after the Drift Protocol disclosed a $280 million (roughly Rs. 2,600 crore) exploit, which also had a DPRK group behind it. 

Long-Term Infiltration Raises Concerns Over DeFi Security Risks

Drift Protocol, which fell prey to this scam were completely oblivious. In a post on X, Drift Protocol explained that this was not a typical hack, but a months-long, highly coordinated social engineering operation. Bad actors posed as a legitimate trading firm, met the execs at Drift Protocol at a lot of crypto events. They even invested a million dollars in capital on the platform. Over time, they managed to trick team members into interacting with malicious code and apps, likely compromising their devices and gaining access to critical systems. This operation is now linked to a DPRK group called UNC4736. 

Advertisement

This is not the first time that a DPRK group has been part of such a scam. As per the analysts at Creator Network R3ACH, the Lazarus group has stolen over $7 billion (roughly Rs. 65,000 crore) in crypto since 2017. These attacks include a $625 million (roughly Rs. 5,803 crore) scam of Ronin Bridge in 2022, the $235 million (roughly Rs. 2,182 crore) WazirX exploit in 2024, and $1.4 billion (roughly Rs. 13,000 crore) Bybit heist in 2025, which is also the biggest hack on their timeline. 

Commenting on this issue, Tim Ahhl, the founder of the Titan Exchange, which is a Solana-based Dex aggregator, said that in a previous job, “we interviewed someone who turned out to be a Lazarus executive.” Ahhl further added that the candidate “did video calls and was extremely qualified”. The bad actor declined an in-person interview, and the execs at Titan Exchange later found his name in a Lazarus “info dump.”

Earlier this year, the US Treasury had sanctioned individuals and entities tied to a North Korea-linked IT worker scheme that allegedly used fake identities to secure remote tech jobs and funnel earnings through cryptocurrency. Officials say the network helped generate illicit revenue for the North Korean regime.

Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day 2026: Best Deals on iQOO Smartphones
  2. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 15,000
  3. Amazon Prime Day 2026: Best Deals on Redmi and Xiaomi Smartphones
  4. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  5. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  6. Everything We Know About the Nothing Phone 4b
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.