• Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
  • Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
Saturday, July 18, 2026
  • Login
The Bit Gazette
  • Home
  • Crypto News
  • Expert Analysis
  • Finance
  • Tech
  • Sponsored
  • Press Release
  • Opinion
No Result
View All Result
The Bit Gazette
No Result
View All Result
Home Breaking News

Consensys says a North Korean operative accessed core MetaMask code for a month

The incident underscores growing cybersecurity risks facing crypto firms as North Korean operatives increasingly infiltrate companies through trusted third-party hiring channels.

by Elizabeth Omotoke
30 minutes ago
in Breaking News
Reading Time: 5 mins read
0
Crypto supply chain attack

Crypto supply chain attack

Share on FacebookShare on Twitter

Consensys has confirmed that a software developer linked to North Korea, operating under the alias “Tyler Knapp,” gained access to core MetaMask code for roughly one month before the company detected the threat and revoked access.

Although Consensys insists that no customer funds, user data, or production systems were compromised, the revelation has intensified concerns about sophisticated infiltration tactics targeting crypto companies. The incident also comes at a time when investor confidence has been shaken by renewed Bitcoin price weakness and growing cybersecurity threats across the digital asset industry.

The company disclosed that the developer operated under the alias “Tyler Knapp” and worked for roughly one month before internal security measures uncovered the deception. Security experts say the episode illustrates how a Crypto supply chain attack can originate through trusted contractors and third-party vendors rather than direct attacks on blockchain infrastructure.

North Korean developer entered MetaMask through third-party hiring

According to Consensys, the developer was engaged as a consultant through a long-standing external staffing partner rather than the company’s internal recruitment process.

Using the GitHub account “imyugioh” and the identity “Tyler Knapp,” the individual contributed to portions of MetaMask’s codebase beginning on March 9. Internal Slack communications later revealed that the contractor had access to software responsible for MetaMask’s crypto-to-fiat and fiat-to-crypto integrations with third-party payment providers, as well as components of the mobile wallet application.

The work continued until April, when Consensys detected suspicious activity and immediately terminated all access.

Matt Corva, General Counsel at Consensys, said the company’s internal controls functioned as intended once the threat was identified.

“Our investigation found no evidence of user harm, no malicious code entering production, and no loss of assets or customer information,” Corva said in internal communications later confirmed by the company.

Corva also instructed employees to suspend product releases while investigators reviewed the incident and advised staff not to engage with the individual during the investigation. The temporary release freeze reflected the seriousness with which the company treated the potential Crypto supply chain attack, even though investigators ultimately concluded that no production systems had been compromised.

The company emphasized that existing security protocols, including code reviews and deployment safeguards, prevented unauthorized software from reaching users.

Incident highlights growing supply chain risks in crypto

The disclosure has renewed debate over software supply chain security within the cryptocurrency industry.

Unlike traditional cyberattacks that target customer wallets directly, a Crypto supply chain attack attempts to infiltrate trusted software development processes. If successful, attackers may introduce malicious code into widely used applications, potentially affecting millions of users downstream.

Security professionals have repeatedly warned that cryptocurrency companies are particularly attractive targets because developers often have privileged access to source code, wallet infrastructure, transaction systems, and security tooling.

The MetaMask incident demonstrates how attackers increasingly exploit human vulnerabilities—including recruitment pipelines and third-party vendors—rather than attempting to breach hardened technical defenses directly.

While Consensys says its layered security architecture prevented any malicious changes from reaching production, the case illustrates why software vendors continue strengthening identity verification, contractor screening, and privileged access management.

Industry experts have long advocated for “zero trust” security models that continuously verify every employee and contractor regardless of their hiring source.

As cybersecurity expert Bruce Schneier has frequently argued, “Security is a process, not a product,” highlighting the need for organizations to continually reassess trust throughout their operations.

North Korea continues targeting crypto firms worldwide

The attempted infiltration fits a broader pattern of North Korean cyber operations targeting cryptocurrency businesses around the world.

Over the past several years, U.S. authorities have repeatedly uncovered schemes in which North Korean IT workers secured remote software development jobs using stolen identities, forged documentation, and U.S.-based facilitators operating so-called “laptop farms.” These setups allow overseas workers to appear as though they are logging into corporate systems from within the United States.

Federal prosecutors have successfully prosecuted several Americans accused of helping facilitate these operations.

One widely reported case involved an Arizona woman who admitted operating a laptop farm that authorities said generated more than $17 million for entities linked to North Korea. Earlier this year, the U.S. Department of Justice also announced convictions involving additional American facilitators connected to employment schemes affecting dozens of U.S. companies.

The cryptocurrency sector remains one of Pyongyang’s highest-priority targets because successful compromises can generate significant revenue despite international sanctions.

According to blockchain intelligence company TRM Labs, North Korea-linked hacking groups were responsible for roughly two-thirds of cryptocurrency stolen through hacks during the previous year. That figure includes the approximately $1.5 billion theft from Bybit, an attack that multiple governments and blockchain investigators have attributed to North Korean threat actors.

TRM Labs has consistently warned that state-sponsored cyber groups are evolving beyond direct exchange hacks into broader infiltration campaigns involving recruitment fraud, insider access, and software development environments.

MetaMask users remain safe, but security questions persist

Despite the alarming nature of the disclosure, Consensys maintains that MetaMask users were never placed at risk.

The company’s internal investigation found no evidence that malicious software was introduced into production, customer assets were accessed, or sensitive user information was exposed.

Even so, the incident serves as another reminder that a Crypto supply chain attack does not have to succeed to expose weaknesses within an organization’s security ecosystem. The mere ability of a hostile actor to obtain temporary access to critical development systems demonstrates the increasingly sophisticated methods employed by state-backed cyber groups.

For cryptocurrency firms, the lesson extends well beyond technical defenses. Enhanced background checks, stronger verification of third-party contractors, continuous monitoring of privileged access, and rigorous code review processes are becoming essential safeguards against future attacks.

As digital assets continue attracting institutional adoption, cybersecurity is likely to become an even greater competitive differentiator.

While Consensys successfully contained this attempted Crypto supply chain attack before users suffered any harm, the episode reinforces a growing reality across the industry: protecting crypto infrastructure now requires defending not only networks and wallets but also the people and processes that build them. With North Korean cyber operations becoming increasingly sophisticated, the threat of another Crypto supply chain attack will remain a central concern for blockchain companies worldwide.

Tags: Blockchain SecurityConsenSyscrypto SecurityCryptocurrencyCryptocurrency Newscyber espionagecybersecuritydigital assetsethereumLazarus groupMetamasknorth koreasmart contractssoftware supply chainweb3
Share196Tweet123
Elizabeth Omotoke

Elizabeth Omotoke

  • Trending
  • Comments
  • Latest
The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

The Louvre needed police escorts to move crypto attendees: Decentralised money just decentralised the danger

04/18/2026 - Updated on 05/25/2026
AI People joins Dubai’s innovation one — Declares war on the forgetting of humanity

AI People joins Dubai’s Innovation One program: Declares war on the forgetting of humanity

07/22/2025 - Updated on 07/23/2025
XRP community

Ripple CEO reassures community after SWIFT selects rival blockchain for pilot

02/10/2026
Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

Polygon Discord Channel Hacked, Throws Crypto Community in Turmoil

2
Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

Bitcoin reclaims $107,000 as Iran-Israel ceasefire cools market tensions

2

Hello world!

1
Crypto supply chain attack

Consensys says a North Korean operative accessed core MetaMask code for a month

07/18/2026
US Crypto Market Structure Bill Faces Fresh Delay

New Hampshire, Texas and Wyoming push crypto policy while Congress stalls on Clarity Act

07/18/2026
Trustedvolumes exploit

TrustedVolumes attacker returns $2 million in ETH, keeps $2 million as self-declared bounty

07/18/2026
The Bit Gazette

Copyright © 2025 - The Bit Gazette.

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Crypto News
  • Expert Analysis
  • Finance
  • Tech
  • Sponsored
  • Press Release
  • Opinion

Copyright © 2025 - The Bit Gazette.