BlockBeats report, April 17: The Ethereum Foundation recently released a summary report on the ETH Rangers security initiative, disclosing that during the six-month security funding program, researchers identified approximately 100 suspected state-sponsored cyber actors, including infiltrators from North Korea (DPRK), who have been active across multiple Web3 projects.
The report shows that the investigation was advanced through projects such as the "Ketman Project," during which researchers issued warnings to approximately 53 blockchain projects, revealing that these individuals infiltrated development teams under false identities and participated in fund transfers and technical roles. Meanwhile, some of the related funds, amounting to hundreds of thousands of dollars, have been frozen.
The security team has also incorporated this intelligence into its threat analysis framework for the Lazarus Group and disclosed it at security conferences such as DEF CON, demonstrating that state-sponsored cyberattacks continue to infiltrate cryptocurrency infrastructure.
In terms of overall outcomes, the program has collectively frozen or recovered over $5.8 million in funds, reported or documented more than 785 vulnerabilities, and addressed 36 security incidents, indicating that the security threats facing the current Ethereum ecosystem have escalated from isolated vulnerability exploits to systemic risks involving state-level actors.
In addition, the report notes that North Korea-linked hackers have infiltrated projects through methods such as "remote IT workers," employing various attack vectors including account takeovers, infiltration of freelance platforms, and fund transfers, making them a key focus of industry defense efforts.
The Ethereum Foundation emphasizes that the security of decentralized networks requires a "decentralized defense," and it will continue to support security research, threat intelligence, and talent development to address escalating state-sponsored cyber threats.