Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Consensys Hired Suspected North Korean Hacker for MetaMask Wallet: Tyler Knapp Case Revealed

Consensys MetaMask Hired Suspected North Korean Hacker “Tyler Knapp” – What We Know

Sathish Kumar Kaliraj by Sathish Kumar Kaliraj
July 18, 2026
in Security & Hacks
0 0
Consensys Removed North Korea-Linked MetaMask Consultant After Month-Long Code Access

Created by Cryip

Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

In a significant security lapse that has sent ripples through the cryptocurrency industry, blockchain giant Consensys, the company behind the widely used MetaMask wallet, inadvertently hired a developer with suspected ties to North Korea. The revelation, first reported by Drop Site News on July 17, 2026, underscores the persistent and evolving risks posed by state-sponsored actors targeting the crypto sector.

The “Tyler Knapp” Case: What Happened

According to internal communications obtained by Drop Site News, the individual operated under the alias “Tyler Knapp” and GitHub username imyugioh. He was onboarded as a consultant through a third-party service provider that Consensys had previously trusted.

Knapp’s contributions focused on core platform elements of MetaMask, particularly features related to on-ramps and off-ramps, the critical bridges between cryptocurrency and traditional fiat currencies. His work reportedly included code that handled interactions with third-party payment providers.

  • Timeline: GitHub activity began around March 9, 2026, and ceased abruptly in April 2026.
  • Duration: Approximately one month of internal access.
  • Discovery: Consensys General Counsel Matt Corva issued a company-wide alert in April, suspending product releases and ordering staff to cease all interaction with Knapp during the probe.

Corva later stated that the company’s security protocols identified the threat quickly. A full investigation confirmed no misappropriation of assets or data, no deployment of malicious code, and crucially, no impact on user safety or security. Law enforcement was notified.

“We’ve reviewed our practices for utilizing third-party services to ensure the rigorous standard which we apply to all of our employees is also followed in more complex third-party relationships.” — Matt Corva, General Counsel, Consensys

MetaMask Celebrates 10th Anniversary Amid Security Scrutiny

The incident comes shortly after MetaMask celebrated its 10th anniversary, marking a decade as one of Ethereum’s most important on-ramps. With tens of millions of users worldwide, any potential supply-chain risk to the wallet ecosystem carries major implications for decentralized finance and Web3 adoption.

Examining the GitHub Profile and Contributions

The imyugioh profile presents as a typical blockchain developer. Its bio reads “Ready or not, Spirit, This is where you take over,” with a location listed as “Domino City,” a clear reference to the Yu-Gi-Oh! franchise. The account has around 33 followers and holds GitHub Developer Program membership.

Related Story

Los Angeles Pair Indicted Over Darknet Drug Sales and Crypto Laundering

California Pair Indicted Over Darknet Fentanyl Sales and Crypto Laundering

July 16, 2026

US Government Deposits $9.29M in Ethereum From FTX Seized Assets Into Coinbase Prime

July 16, 2026

Pinned repositories prominently feature forks of major MetaMask projects, including MetaMask/core and MetaMask/metamask-mobile.

One of the final public contributions was Pull Request #28399, merged on April 5, 2026. This update fixed a problem that was preventing some users from properly seeing supported tokens when buying or selling crypto through the app’s ramp features.

Our Cryip team analyst reviewed the repositories and pull request commits in detail. The changes improved how the app checks which payment providers support specific tokens. The update was tested, reviewed by the team, and included before-and-after demonstration videos. It was merged into the next release shortly before the account’s access was revoked.

While the visible public contributions appear to be legitimate bug fixes aimed at improving user experience, the timing raises important questions. It is unclear whether any other modifications were made in private code or internal systems during the same period.

Consensys’ Position and Lessons Learned

In statements to Drop Site News, Matt Corva emphasized pride in the rapid response and highlighted ongoing collaboration with law enforcement. The company is conducting a broader review of outsourcing and third-party engineering practices, a necessary step given the decentralized and fast-moving nature of blockchain development.

MetaMask remains one of the most popular entry points to Ethereum. Any compromise in its supply chain could have had serious consequences for the wider ecosystem.

The Wider DPRK Threat Landscape

The Consensys incident is not isolated. North Korean IT workers and hackers have aggressively targeted the crypto industry for years, generating hundreds of millions, if not billions, in revenue for the regime.

  • Remote Job Infiltration: Operatives use stolen or fabricated identities, polished GitHub histories, and remote desktop tools to secure positions at Western tech and crypto firms. See our earlier report: Fake Job Candidate Exposed After Failing “Insult Kim Jong Un” Test (April 2026).
  • Financial Networks: On-chain investigator ZachXBT recently exposed an internal DPRK payment server processing over 3.5 million dollars in illicit remittances from IT workers. The platform, luckyguys.site, featured weak security and detailed hierarchies. Full coverage: ZachXBT Exposes DPRK Crypto Payment Network.
  • Exploit Surge: April 2026 recorded an alarming 625 million dollars in DeFi exploits, many linked to sophisticated North Korean groups such as Lazarus. Read: Record 625 Million Dollars in DeFi Exploits – April 2026.

Why Crypto Remains a Prime Target

Several factors make blockchain companies attractive:

  1. Remote-friendly roles with high salaries that can be funneled back to Pyongyang.
  2. Access to valuable intellectual property, smart contract logic, and sometimes direct wallet infrastructure.
  3. Relatively lighter background checks compared to traditional finance in some startups.
  4. The pseudonymous and borderless nature of crypto aligns with sanctions-evasion goals.

Researchers have documented cases spanning years, with North Korean workers embedded in DeFi protocols, wallets, and infrastructure projects. Behavioral indicators, such as hesitation on politically sensitive topics or sudden connection drops, are now part of the informal screening toolkit used by vigilant hiring managers.

Industry Implications and Recommendations

The incident serves as a wake-up call. Even well-resourced firms like Consensys can be breached through the supply chain. Smaller teams remain even more vulnerable.

Best Practices Emerging:

  • Multi-layered identity verification beyond resumes and GitHub.
  • Company-issued devices and restricted remote access tools.
  • Behavioral and technical interviews designed to detect inconsistencies.
  • Continuous monitoring of code contributions and internal access.
  • Collaboration with law enforcement and threat intelligence firms specializing in DPRK operations.

As the industry matures, expect tighter scrutiny on hiring, greater use of AI-assisted vetting, and possibly regulatory pressure to implement stronger supply-chain security standards.

Conclusion

The “Tyler Knapp” affair highlights both the ingenuity of North Korean cyber programs and the persistent vulnerabilities in the global remote workforce. While Consensys acted decisively once the threat was identified, the case illustrates how state actors can blend into open-source communities and development teams.

Original source material includes reporting by Drop Site News. GitHub profiles and pull requests are publicly accessible as of publication. This article contains independent analysis and context by Saravana Kumar Mahendran, a content writer and security analyst whose work has been cited by Halborn and Sherlock.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto ScamsMetaMaskNorth Korea

Related Posts

Los Angeles Pair Indicted Over Darknet Drug Sales and Crypto Laundering
Scams & Fraud

California Pair Indicted Over Darknet Fentanyl Sales and Crypto Laundering

by Saravana Kumar Mahendran
July 16, 2026

Federal prosecutors have charged two Los Angeles residents with allegedly operating a nationwide darknet drug business that distributed fentanyl and...

Read moreDetails

US Government Deposits $9.29M in Ethereum From FTX Seized Assets Into Coinbase Prime

July 16, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
CodexField on BNB Chain Faces Rug Pull Allegations

BNB Chain Project CodexField Faces Rug Pull Claims After Abnormal Fund Transfers

July 10, 2026
Relay Warns of Scam Tokens Disappearing From Wallets on Robinhood Chain

Relay Warns of Scam Tokens Disappearing From Wallets on Robinhood Chain

July 10, 2026
INTERPOL Operation First Light 2026 Leads to 5,811 Arrests in Global Fraud Crackdown

INTERPOL Operation First Light 2026 Leads to 5,811 Arrests in Global Fraud Crackdown

July 9, 2026

Recommended

  • All
  • News
FTX to Distribute $900M to Creditors in Fifth Repayment Round on July 31

FTX to Distribute $900M to Creditors in Fifth Repayment Round on July 31

July 18, 2026
France Blocks Polymarket as Global Crackdown on Prediction Markets Expands

France Blocks Polymarket as Global Crackdown on Prediction Markets Expands

July 18, 2026
SBI Holdings Acquire Coinhako

SBI Holdings Completes Majority Acquisition of Singapore Crypto Platform Coinhako

July 17, 2026
ESMA Adds 14 Crypto Firms to MiCA Register, Total Licensed CASPs Reach 294

ESMA Adds 14 Crypto Firms to MiCA Register, Total Licensed CASPs Reach 294

July 17, 2026
Argentina Traces LIBRA Funds Across Exchanges as Wallet Freeze Remains Unconfirmed

Argentina Traces LIBRA Funds Across Exchanges as Wallet Freeze Remains Unconfirmed

July 17, 2026
Bitcoin $DOG Mode Aims to Remove Bitcoin Core Relay Policy Limits

Bitcoin $DOG Mode Aims to Remove Bitcoin Core Relay Policy Limits

July 17, 2026
Aquads Builds Full Stack Project Hub to Close Crypto's Post-Launch Gap

Aquads Builds Full Stack Project Hub to Close Crypto’s Post-Launch Gap

July 17, 2026
Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

July 17, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • Consensys Hired Suspected North Korean Hacker for MetaMask Wallet: Tyler Knapp Case Revealed
  • FTX to Distribute $900M to Creditors in Fifth Repayment Round on July 31
  • France Blocks Polymarket as Global Crackdown on Prediction Markets Expands

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.