πŸ’° Read News and Earn $USDT Β· Cryptews β€” Read to Earn Platform Get Started

North Korean operative accessed MetaMask code before being caught

59 minutes ago 824

Consensys, the blockchain firm behind MetaMask crypto wallet, has confirmed it accidentally brought a North Korea-linked software developer onto its team. The firm confirmed that they gave the operative access to the core wallet code before the company caught on and shut him down after a month.Β 

Internal Slack messages revealed that the North Korea-linked operative worked on core MetaMask code for approximately one month before being terminated. Although Consensys confirmed that the infiltrator was stopped before any damage was done, the market remains skeptical of MetaMask’s ability to guarantee the safety of its users’ funds.Β 

North Korean developer spent a month inside MetaMask

According to the report, the North Korean software engineer worked under the alias β€œTyler Knapp” and used the GitHub handle β€œimyugioh.” He was hired as a consultant through a third-party service provider with a long-standing relationship with Consensys. Consensys confirmed that the software engineer was not hired directly through its internal hiring pipeline, insisting that the third-party hiring agency may have been responsible for the breakdown in proper screening.Β 

Internal Slack messages reviewed show that Tyler Knapp worked on the core MetaMask platform code. He had access to the core MetaMask codebase that converts crypto to fiat currency via third-party payment providers and vice versa. Tyler also contributed to MetaMask’s mobile wallet codebase on GitHub.

Those contributions began on March 9 and abruptly stopped in April, the same month Consensys cut off his access, meaning the operative had roughly a month of activity within the company’s systems.

Consensys general counsel Matt Corva revealed that the company discovered the threat quickly after Tyler was hired. The company followed its security protocols and terminated access immediately upon identifying the threat. He said a subsequent investigation found no misappropriation of assets or data, no malicious code pushed into production, and no impact on user safety.

In April, Corva sent a company-wide alert ordering all product releases suspended pending investigation and instructing staff not to interact with the individual. He also asked employees to keep the matter internal while the probe continued, a request that suggests Consensys was trying to control the narrative well before the story became public this week.

Crypto remains a favorite target for Pyongyang

North Korean operatives posing as remote software engineers have repeatedly landed real jobs at American companies. These companies achieve this with the help of US-based facilitators running laptop farms that make it appear the worker is logging in from within the country.

One Arizona woman was sentenced last year for running such an operation, which prosecutors say generated more than $17 million for North Korea-linked entities, according to reporting from The Guardian.

Earlier this year, two more American nationals were sentenced for facilitating similar schemes that the Department of Justice says touched close to 70 US companies.

Crypto firms are an especially attractive target because a developer’s ordinary access can extend well beyond source code into transaction signing infrastructure, the layer where stolen funds actually move.Β 

Blockchain analytics firm TRM Labs has estimated that North Korea-linked actors were behind roughly two-thirds of all crypto stolen in hacks last year, a figure that includes the $1.5 billion Bybit theft widely attributed to Pyongyang.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.

Read Entire Article
πŸ’¬ Comments
Loading…

Log in to leave a comment.