Consensys Uncovers North Korea-Linked Developer Behind MetaMask Code
Market News

Consensys Uncovers North Korea-Linked Developer Behind MetaMask Code

By Peter Mwenda
  • Consensys removed a DPRK-linked developer before any MetaMask users were affected.
  • Internal investigation found no malicious code, stolen assets, or exposed user data.
  • Incident prompted stricter contractor screening amid rising crypto security threats.

Consensys has confirmed that it identified and removed a software developer linked to North Korea after the individual contributed to MetaMask-related code through a third-party service provider. 

The company said its internal investigation found no evidence of stolen assets, compromised user data, malicious code, or any impact on MetaMask users.

Consensys Removes Developer After Internal Security Review

Consensys discovered the security risk after hiring a consultant introduced through an existing relationship with a third-party service provider. The developer operated under the alias “Tyler Knapp” and reportedly used the GitHub username “imyugioh.”

According to a Drop Site News report, the consultant contributed to MetaMask platform code, including crypto-to-fiat conversion features integrated with third-party payment providers. Public GitHub records showed contributions began on March 9 before ending in April when Consensys revoked the developer’s access.

The blockchain software company said it immediately activated its security procedures after identifying the potential threat. Access privileges were removed, product releases were temporarily suspended, and a comprehensive investigation was launched.

Consensys General Counsel Matt Corva said the investigation confirmed that no company assets or user data were misappropriated. He also stated that investigators found no malicious code deployed within MetaMask‘s infrastructure and no security risks affecting users.

The company notified law enforcement and shared relevant information related to the incident. 

However, Consensys did not disclose how it determined the consultant was linked to North Korea.

Crypto Firms Face Growing Threat From North Korean IT Workers

The incident highlights an increasing cybersecurity challenge facing cryptocurrency companies that rely on remote engineering talent and external contractors.

North Korean operatives have repeatedly used false identities to obtain software development positions at technology and blockchain companies. These roles can provide access to proprietary source code, internal systems, and sensitive development environments.

Consensys said the incident demonstrated that its security controls successfully detected and contained a sophisticated nation-state threat before users were affected. 

Following the investigation, the company began reviewing its engineering outsourcing policies to strengthen screening standards for third-party contractors.

Security researchers have consistently warned that crypto companies remain attractive targets because developers often receive access to wallet infrastructure and transaction systems.

Blockchain intelligence firm TRM Labs has also reported that North Korea-linked groups continue to dominate crypto-related theft. 

The firm estimated that such groups accounted for approximately 66% of cryptocurrency stolen during the first half of 2026, underscoring the persistent security risks facing the digital asset industry.

Peter Mwenda

About the Author

Peter Mwenda

Peter Mwenda is a skilled crypto journalist and expert in blockchain technology, digital assets, and decentralized finance. He has a talent for translating complex concepts into engaging informative content. With a deep understanding of the industry, Peter delivers accurate analysis that appeals to beginners and seasoned enthusiasts.

Leave a Reply