ConsenSys inadvertently hired North Korean operative who accessed MetaMask’s core code
The blockchain firm discovered a consultant working under a false identity had ties to the DPRK, though no user data was compromised
Consensys hired a software developer linked to North Korea who contributed to core code for its MetaMask crypto wallet, according to internal communications obtained by Drop Site News.
The consultant used the alias “Tyler Knapp” and the GitHub username “imyugioh.” Internal messages and public GitHub records indicate the developer worked on MetaMask platform code, including features connecting crypto users with third party fiat payment providers.
The developer began contributing to the project on March 9 and remained inside the company’s systems for roughly one month. The contributions stopped in April, when Consensys terminated the consultant’s access.
Consensys General Counsel Matt Corva said the developer was introduced through an existing relationship with a reputable third party service provider.
Corva said Consensys detected the threat quickly, removed the individual’s access and launched an investigation. The company found no evidence that assets or data were taken, malicious code was deployed or user security was affected.
Consensys also notified law enforcement and provided information connected to the incident.
Internal communications show Corva ordered an immediate suspension of all product releases while the company investigated the consultant. Employees were instructed not to communicate with the individual and to keep the investigation confidential.
Consensys did not explain how it determined the developer was connected to North Korea. The company said the incident demonstrated that its security procedures could detect complex nation state threats before users were affected.
The company has since reviewed how it hires engineers through outside service providers. Consensys said the standards applied to direct employees will also be required across more complex third party relationships.
North Korean nationals have repeatedly used fabricated identities to obtain remote software jobs at American companies. These operations can generate revenue for the North Korean government while giving workers access to proprietary software, corporate data and internal infrastructure.
North Korea linked groups accounted for about 66% of crypto assets stolen during the first half of 2026, representing roughly $643 million, according to TRM Labs.