North Korean IT Workers Infiltrating DeFi Protocols Since 2020

CryptoTimes

Tuesday, April 7, 2026·5 min read·DeFi

North Korean IT Workers Infiltrating DeFi Protocols Since 2020

Security researcher Taylor Monahan has revealed that North Korean IT workers have been quietly infiltrating decentralized finance projects since at least 2020, with over 40 DeFi platforms inadvertently employing these state-sponsored developers. The workers often had legitimate blockchain experience, making detection extremely difficult for companies during hiring processes.

The threat extends beyond smart contracts into operational security, with recent attacks including the March 1, 2026 Bitrefill cyberattack that used methods similar to previous Lazarus attacks. Despite improved overall industry defenses, illicit cryptocurrency inflows jumped to $158 billion in 2025, up from $64.5 billion in 2024. The Drift Protocol hack represents the latest and largest example of this ongoing infiltration campaign.

Source: cryptotimes.io·This article is an original analysis by CryptoFirst based on publicly available information.

#North Korea#Insider Threats#Hiring Security#DeFi Summer

Disclaimer: CryptoFirst provides news analysis for informational purposes only. This is not financial advice. Cryptocurrency investments are subject to market risks. Please do your own research before making any investment decisions.