Consensys removed a software contractor tied to North Korea after the developer spent about one month contributing to MetaMask code, including work connected to crypto-to-fiat services and th
Consensys removed a software contractor tied to North Korea after the developer spent about one month contributing to MetaMask code, including work connected to crypto-to-fiat services and the wallet’s mobile application.
The consultant operated under the alias “Tyler Knapp” and the GitHub handle “imyugioh.” Internal communications obtained by Drop Site News placed the first contributions on March 9, 2026, with activity ending in April when Consensys terminated the contractor’s access. The public GitHub profile still displays MetaMask’s core and mobile repositories among its pinned projects.
The contractor entered through an established third-party service provider rather than Consensys’ direct hiring channel. Consensys general counsel Matt Corva said the company detected the threat quickly, revoked access, suspended product releases during the investigation and notified law enforcement.
Consensys Found No Malicious Code Or User Losses
The internal response included an April company-wide order to halt product releases while security teams reviewed the contractor’s work. Staff were also instructed not to interact with the individual during the investigation.
Consensys said the review found no misappropriation of assets or data, no malicious code deployment and no impact on user safety or security. The company did not publicly explain how it established the contractor’s North Korean connection, but Corva described the individual as a “DPRK-linked persona.”
The company has since reviewed its use of outsourced engineering and development services. Corva said third-party relationships will face the rigorous standards applied to direct employees following the incident.
The disclosure arrived three days after MetaMask marked its tenth anniversary on July 14. The wallet used the milestone to present its expansion from an Ethereum browser extension into a broader self-custodial platform supporting Bitcoin, Solana and hundreds of blockchain networks.
North Korean operatives have increasingly targeted technology and crypto companies through false identities, contractor roles, remote-access infrastructure and developer-focused social engineering. U.S. authorities said two recently prosecuted schemes allowed DPRK workers to access nearly 70 American companies while generating more than $1.2 million.
Ripple has also shared DPRK threat intelligence covering fraudulent domains, wallets and suspected insider-access attempts. Separate research placed North Korea-linked actors behind 76% of reported 2026 crypto hack losses through April.
Consensys removed the contractor before any malicious code, data theft or financial loss was identified. Access was revoked, the individual’s contributions were reviewed and releases involving that work were paused while the company completed its internal checks.
The post MetaMask Removed North Korea-Linked Contractor After Month Of Code Access appeared first on Crypto Adventure.