Researcher: North Korean IT workers infiltrated DeFi for 7 years; Drift says $285M+ exploit was six‑month, conference‑based social‑engineering operation by DPRK‑linked impostors

MetaMask developer Taylor Monahan says North Korean IT workers have embedded themselves in crypto firms and DeFi projects for at least seven years, with purported DPRK-linked developers at more than 40 DeFi platforms. Analysts link the Lazarus Group to roughly $7 billion in crypto thefts since 2017 — including the Ronin Bridge, WazirX and Bybit incidents — and attribute Drift Protocol’s $280 million exploit with medium-high confidence to a North Korean state-affiliated group using intermediaries and in-person social engineering. Industry figures warn that infiltration through recruitment and interviews is common and recommend screening counterparties (e.g., against OFAC lists).
AI Analysis
Facts: researcher reports seven years of DPRK-linked developers in DeFi and >40 affected platforms; analysts tie Lazarus Group to ~$7B in crypto thefts including Ronin, WazirX and Bybit; Drift’s $280M exploit was attributed with medium-high confidence to a North Korean state-affiliated group using third-party intermediaries and in-person social engineering; industry sources advise screening counterparties (e.g., OFAC) to guard against infiltration.