MetaMask Owner Uncovers North Korean Developer Hidden in Its Team

  • A North Korean developer worked inside MetaMask for about a month.
  • He helped build the wallet before Consensys caught the risk.
  • Consensys says no funds, data, or code were harmed.
Promo

A North Korean developer spent about a month inside MetaMask, a leading crypto wallet used by more than 30 million people each month. Its maker, Consensys, did not know who he really was.

He used a fake name, Tyler Knapp. He helped write core wallet code. Some of it moved money between crypto and cash. Then Consensys caught him, cut his access, and found nothing had been taken.

How the North Korean developer got in

He came in through a contractor. Consensys hired him as a consultant, not a full employee. On GitHub, he used the handle imyugioh. His code changes ran from March 9 until April, when the company cut him off.

Sponsored
Sponsored

That access worries investigators. Intelligence firm TRM Labs says developer setups are now the fastest route to a crypto firm’s keys. Attackers use them to reach the systems that approve withdrawals.

In April, general counsel Matt Corva told staff to halt all product releases and avoid the man. The firm alerted law enforcement and is reviewing its contractor vetting process.

“We discovered the threat… and launched a comprehensive investigation that confirmed there was no misappropriation of assets or data, no malicious code deployed, and no impact to user safety and security,” Matt Corva, Consensys general counsel said in a statement to Drop Site News.

Follow us on X to get the latest news as it happens

Why North Korea Keeps Trying

This was not a one-off. North Korean workers pose as engineers to win remote jobs, then steal secrets or plant a way back in. One Ethereum-funded project recently found 100 suspected North Korean IT workers across 53 crypto projects.

The trick usually starts with a fake job offer or a phony recruiter. US courts have jailed Americans for helping these workers look local.

The stakes are huge. Last year, North Korean hackers stole $1.5 billion from the Bybit exchange, the FBI said. TRM Labs says the country took more than half of the $2.7 billion lost to crypto hacks in 2025.

Some crypto firms are fighting back. They now share threat intelligence to catch them early.

Consensys caught this one in time. The test is whether the next firm spots its fake hire before the code ships.


To read the latest cryptocurrency market analysis from BeInCrypto, click here.

Disclaimer

BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Sponsored
Sponsored