Skip to content

Consensys mistakenly hired North Korea-linked developer to work on MetaMask

Major Blockchain Firm Consensys Accidentally Hired a North Korean Hacker
Share this article

Consensys, the Ethereum software company behind the MetaMask crypto wallet, mistakenly hired a software developer who was later linked by an internal investigation to North Korea, allowing the contractor to work on MetaMask code for about a month before the company cut off access and froze product releases.

Drop Site News reported that the engineer used the alias “Tyler Knapp” and was introduced to Consensys through an established third-party service provider.

The developer worked on parts of MetaMask’s core platform, including its mobile wallet and features that connect cryptocurrency users with outside fiat-payment services.

Consensys General Counsel Matt Corva said the company identified the threat soon after the developer was introduced, followed its security procedures and notified law enforcement.

He said an investigation found no evidence that assets or data were taken, malicious code was deployed or users were affected.

The company has not publicly explained how it determined that the developer’s persona was connected to the Democratic People’s Republic of Korea.

MetaMask releases halted as inquiry widened

Internal communications cited by the report showed that Corva ordered all product releases to be suspended while Consensys examined the contractor’s work. Employees were told not to communicate with the individual and to keep the matter confidential during the investigation.

Consensys mistakenly hired North Korea-linked developer to work on MetaMask
Consensys email orders immediate suspension of releases during security investigation.

Corva said Consensys’ decision to revoke the developer’s access, suspend product releases, investigate the incident and notify law enforcement showed its security controls had worked against what he described as a nation-state threat.

Even so, the company began reviewing how it vets outside engineers, saying contractors should face standards comparable to those applied to employees.

The incident highlights a growing vulnerability for crypto companies that rely on outside developers, particularly when access is granted through trusted vendors or existing business relationships.

North Korean crypto thefts jump 51 percent to $2.02 billion

The incident comes as cybersecurity researchers warn that North Korean-linked groups are expanding efforts to infiltrate cryptocurrency, fintech and digital-asset companies through fake identities, recruitment schemes and software-supply relationships.

CrowdStrike said DPRK-linked actors stole a reported $2.02 billion in digital assets in 2025, up 51 percent from the previous year, as operations shifted toward higher-value targets.

Its 2026 Financial Services Threat Landscape Report said Pressure Chollima, a North Korean state-linked hacking group focused on high-value financial theft, carried out a $1.46 billion cryptocurrency heist using compromised software distributed through a supply-chain attack.

CrowdStrike also said Golden Chollima, a DPRK-linked group known for recruitment-themed social engineering, used job-related lures to access cloud environments, while Stardust Chollima targeted crypto and fintech workers with fake recruiter profiles, malicious coding tests and staged video calls.

Famous Chollima doubled its activity using AI-generated identities, according to the report, underscoring how artificial intelligence is lowering the cost of building convincing personas and speeding up reconnaissance and credential theft.

The Consensys case adds fraudulent hiring to the expanding playbook of crypto intrusions, showing how suspected state-linked actors can obtain legitimate access through routine contractor channels.

About The Coin Headlines

The Coin Headlines strives to bring trust into crypto media. At a time when every soundbite and headline can move the markets from red to green and vice-versa, The Coin Headlines promises to bring verified, credible and timely news and analysis from the world of crypto, blockchain, Web3, tech and markets. Founded in 2026, The Coin Headlines is based in the UAE with a team of experienced journalists and editors covering breaking news and updates from around the world.

From covering the biggest events to interviewing some of the most popular KOLs in the industry, The Coin Headlines keeps you informed of the latest trends and insights.

At The Coin Headlines our focus is clear: Real-time news updates, market movements, whale transfers, macroeconomic trends, tech and AI and geopolitical breaking news. The news we report goes through a strict editorial audit before its published to ensure the readers only get verified and credible information. We realize the world of crypto is dynamic, volatile, and many times, confusing. At The Coin Headlines we break down these complex issues into simple articles which cater to not just the experienced trader but also the student and first-time investor who wants to understand the space before committing to it.