Market Prices

BTC Bitcoin
$64,822.7 +1.27%
ETH Ethereum
$1,862.21 +0.98%
SOL Solana
$75.51 +0.53%
BNB BNB Chain
$570.6 +0.37%
XRP XRP Ledger
$1.09 +0.24%
DOGE Dogecoin
$0.0725 -0.15%
ADA Cardano
$0.1670 +0.12%
AVAX Avalanche
$6.59 +0.08%
DOT Polkadot
$0.8358 -1.76%
LINK Chainlink
$8.35 +1.00%

Event Calendar

{{年份}}
30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

28
03
unlock Arbitrum Token Unlock

92 million ARB released

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

18
03
unlock Sui Token Unlock

Team and early investor shares released

12
05
halving BCH Halving

Block reward halving event

22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

💡 Smart Money

0xb992...ced7
Institutional Custody
+$4.3M
92%
0xf6bf...7a1a
Institutional Custody
-$4.0M
92%
0xceb1...8c86
Arbitrage Bot
+$0.5M
71%

🧮 Tools

All →

The North Korean Hacker in MetaMask’s Codebase: A Systemic Supply Chain Breach

ProPanda
Scams
The ledger remembers what the market forgets. Last month, a North Korean developer named Tyler Knapp—a name that never existed—pushed code into MetaMask’s private repositories. He was a contractor at Consensys, hired through a standard onboarding process. For 30 days, he had direct access to the codebase that manages the transfer of funds between cryptocurrency and fiat. No exploit was triggered. No zero-day was used. Yet this is not a story of a failed attack. It is a story of a systemic vulnerability that the crypto industry has chosen to ignore. Context: MetaMask commands over 30 million monthly active users. It is the default self-custody wallet for the Ethereum ecosystem. Consensys, its parent company, has a team of world-class engineers. They audit code, run bug bounties, and deploy rigorous testing frameworks. But their defense failed not at the technical layer—it failed at the human layer. The attacker, later linked to a North Korean state-sponsored group, used a fake identity, a convincing GitHub profile, and a contractor pipeline that lacked adequate sanctions screening. He was granted access to the developer environment where the company’s most sensitive code resided. Core: The attack path is textbook supply chain infiltration. According to TRM Labs, developer environments are the fastest route to a company’s cryptographic keys. The attacker did not need to break encryption; he needed to break trust. He worked alongside legitimate developers for a month, submitting pull requests, attending stand-ups, and building rapport. He targeted specifically the code responsible for on-ramping and off-ramping—the bridge between crypto and cash. This is where real-world value moves. By compromising that layer, an attacker could siphon funds without ever touching a blockchain’s ledger. From my experience auditing ICO smart contracts in 2017, I learned one truth: code is the easy part. The hard part is verifying that the person writing it is who they claim to be. Back then, we ran re-entrancy checks and overflow tests. Today, the same rigor must apply to people. The industry has standardized software bill of materials (SBOMs) for open-source libraries. It has not standardized identity verification for remote developers. That is the gap this attack exploited. The data is clear: the attacker was discovered not by internal systems but by shared threat intelligence—a consortium of companies comparing notes on suspicious resumes. This means the industry is already sharing warnings, but only after the fact. Proactive screening remains optional. The result is a reactive posture against a proactive adversary. North Korea’s Lazarus Group has stolen billions from exchanges. Now they are moving upstream, embedding themselves inside the teams that build the tools. Contrarian: The market’s immediate reaction may be relief. No funds were lost. No malicious code was found. Consensys acted quickly and contacted law enforcement. The price of ETH did not move. But this is the wrong conclusion. The real danger is not what happened—it is what could have happened. Imagine a single line of code allowing the attacker to redirect all MetaMask swap transactions to a controlled address. That would have drained billions from users across every chain. The fact that it did not happen is luck, not strategy. We do not build on hype; we build on consensus. And the consensus is that remote contractor risk is undermanaged. Traditional finance solved this decades ago. Bank employees undergo biometric verification, background checks, and continuous monitoring. Crypto companies, proud of their global remote culture, have chosen convenience over security. The decoupling thesis—that crypto operates on a different risk model—is false here. Nation-state actors do not care about decentralization. They exploit the weakest link, and that link is the onboarding process. Already, regulatory implications are surfacing. US courts have convicted individuals for helping North Koreans pose as local workers. OFAC sanctions apply to employers who inadvertently hire sanctioned nationals. Consensys now faces potential fines in the hundreds of millions if the Justice Department determines that its contractor screening was insufficient. This is not a hypothetical—the legal precedent exists. Takeaway: The crypto industry must treat developer identity as a first-class security asset. Standardize or perish. Implement video verification for all developers with access to sensitive code. Mandate hardware security keys for every commit. Share fake resume databases in real time across the industry. The broker does not forgive complacency. The next attack will not be a warning—it will be a catastrophe. Regulation is the filter for true utility. The question is whether the industry will filter itself before the government does. The ledger remembers what the market forgets. Let us ensure that what it remembers is not the breach we refused to prevent.

The North Korean Hacker in MetaMask’s Codebase: A Systemic Supply Chain Breach

The North Korean Hacker in MetaMask’s Codebase: A Systemic Supply Chain Breach

Fear & Greed

25

Extreme Fear

Market Sentiment

Altseason Index

43

Bitcoin Season

BTC Dominance Altseason

Market Cap

All →
# Coin Price
1
Bitcoin BTC
$64,822.7
1
Ethereum ETH
$1,862.21
1
Solana SOL
$75.51
1
BNB Chain BNB
$570.6
1
XRP Ledger XRP
$1.09
1
Dogecoin DOGE
$0.0725
1
Cardano ADA
$0.1670
1
Avalanche AVAX
$6.59
1
Polkadot DOT
$0.8358
1
Chainlink LINK
$8.35

🐋 Whale Tracker

🔴
0x55d3...7622
12m ago
Out
1,128.48 BTC
🟢
0x0ae8...5902
12m ago
In
2,666.36 BTC
🔴
0xcf47...e0ae
12m ago
Out
43,127 SOL