Buy $RAO Now
Main » Crypto News » DPRK’s Sleeping Agents in DeFi: How Hackers Secretly Built SushiSwap and Fantom for 7 Years

DPRK’s Sleeping Agents in DeFi: How Hackers Secretly Built SushiSwap and Fantom for 7 Years

DPRK’s Sleeping Agents in DeFi: How Hackers Secretly Built SushiSwap and Fantom for 7 Years
Breaking Crypto News Flash: DPRK’s Sleeping Agents in DeFi: How Hackers Secretly Built SushiSwap and Fantom for 7 Years

The crypto industry is facing a reality that resembles a spy thriller: North Korean developers have been infiltrating major decentralized protocols for years. What began as isolated incidents has turned out to be a massive state-level strategy.

Seven Years in the Shadows: How DPRK Agents Built the DeFi Ecosystem


Recent revelations from cybersecurity experts have shed light on the depth of North Korean penetration into the decentralized finance sector. According to Taylor Monahan, a developer at MetaMask, IT workers from the DPRK have been involved in creating popular protocols since at least 2020—the period known as "DeFi Summer."

“Many of the protocols you know and love were built by them. The seven years of blockchain development experience on their resumes is not a lie,” Monahan emphasized. The list of projects whose code may have been touched by Pyongyang’s agents includes giants such as SushiSwap, Thorchain, Fantom, Yearn, Shiba Inu, and Floki.

Disguise and Social Engineering: The Experience of Solana-Aggregator Titan


Infiltration methods are becoming increasingly sophisticated. Tim Ahl, founder of the Titan aggregator, shared a story about a candidate who was highly qualified and had no trouble appearing on video calls. The deception was only uncovered when the developer flatly refused an in-person meeting.

It later emerged that this specialist was linked to the infamous Lazarus Group. According to Ahl, the group has begun recruiting non-DPRK agents to personally gain the trust of crypto project teams, bypassing initial screenings.

Drift Protocol’s $280M Hack: The Price of Carelessness


Another confirmation of the threat came from the Drift Protocol team, which lost $280 million in an attack. The investigation showed that North Korean hackers were behind the breach, exploiting vulnerabilities planted or discovered during close interaction with the project's infrastructure.

Threat Classification: ZachXBT’s Perspective


Renowned blockchain detective ZachXBT urges the community not to demonize "Lazarus Group" as a single entity but to categorize threats by complexity. In his view, standard schemes via LinkedIn, Zoom, or email campaigns are “primitive.” Their main tool remains persistence, not technical genius.

Who Represents the Real Danger?


According to ZachXBT’s analysis, two specialized groups stand out from the general mass of IT workers:
1. TraderTraitor – specialized in complex, targeted attacks on crypto company employees.
2. AppleJeus – experts in creating malware disguised as trading platforms or tools.
Linked to North Korean hackers, attacks on crypto projects


How to Protect a Project: Lessons for the Industry


The situation requires the DeFi community to rethink hiring and security approaches:

Thorough Background Checks: A video call and a strong GitHub account are no longer enough.
Multi-level Code Audits: Any changes made, even by "trusted" developers, must undergo independent review.
Decentralization of Access Rights: No anonymous or remote employee should have full control over smart contracts or private keys.

The issue of the "insider threat" from the DPRK highlights the fragility of trust in the anonymous Web3 environment. Professionalism and vigilance are becoming the only barriers against state-sponsored cyberspionage.
Important Notice: The material provided is for informational purposes only and does not constitute investment advice. The Rao Cash editorial team is not responsible for your financial decisions. Cryptocurrency assets involve high risks — conduct your own research (DYOR).

Rao Cash Analytical Expertise: Event Context

The latest data presented in DPRK’s Sleeping Agents in DeFi: How Hackers Secretly Built SushiSwap and Fantom for 7 Years clearly reflects the ongoing shifts in the balance of power within the global cryptocurrency market. The Rao Cash information portal monitors these market triggers 24/7, delivering high-quality crypto news, real-time on-chain statistics, and expert blockchain industry insights to our audience. We assist readers in promptly identifying long-term trends while filtering out speculative noise and market manipulation.

Analyzing the event requires a comprehensive approach, including liquidity assessment, exchange trading volume tracking, and smart contract security audits. A vital element of our internal ecosystem is the utility RAO token—a digital asset integrated into our content infrastructure that unlocks access to professional data processing tools. By conducting granular technical analysis, our team helps investors gain a deeper understanding of institutional capital flows across the DeFi and Real World Asset (RWA) tokenization sectors.

By exploring the analytical breakdown on our multi-language platform, you gain access to verified, real-time insights. Our expert editorial group prioritizes objectivity and factual accuracy, establishing a trustworthy information foundation for making informed decisions in a rapidly evolving Web3 economy.

🚀 Short or long? Your verdict on the news:
Your name:
Your E-Mail: