North Korean Devs Built Top DeFi Protocols Before Hacks
North Korean developers embedded themselves in DeFi protocol teams during DeFi Summer, then later enabled billions in crypto losses through inside exploits.
Key Takeaway
North Korean developers built DeFi protocols from the inside, then exploited them for billions.
Taylor Monahan has a message for anyone who thinks North Korean IT workers were just slipping past background checks.
They weren't faking resumes. They were actively building prominent DeFi platforms during the industry's explosive growth phase known as DeFi Summer. Those same developers later enabled billions in crypto losses, she added.
The claim raises uncomfortable questions about which protocols might have had North Korean contributors embedded in their core teams. Monahan didn't name specific platforms, but the timing points to the wave of automated market makers and yield farming protocols that launched between mid-2020 and late 2021. That period saw total value locked in DeFi surge from under ₱60.2 billion ($1 billion) to over ₱6.02 trillion ($100 billion) as projects rushed to ship code and compete for users.
The Lazarus Group has been tied to some of the largest crypto thefts in history, including the Ronin Network breach and multiple exchange hacks. But Monahan's point is darker — that some of these attacks may have been inside jobs enabled by developers who helped build the protocols from the start.
The revelation adds a new layer to the North Korean IT worker problem that's plagued crypto companies for years. It's one thing to catch fake LinkedIn profiles. It's another to realize that legitimate contributors to your codebase might be funneling intelligence back to Pyongyang or planting backdoors for future exploits. DeFi protocols that hired aggressively during the 2020-2021 boom may want to audit who had commit access during those months.
This article was written based on reporting from CryptoPotato.
