- The North Korea-linked Tyler Knapp had MetaMask code access for about one month.
- Knapp joined via a third-party provider and worked on crypto-to-fiat conversion.
- Consensys halted all MetaMask releases after discovering the North Korea threat.
Consensys, the blockchain firm behind the MetaMask crypto wallet, accidentally hired a software developer linked to North Korea who spent roughly a month contributing to core platform code before being identified and removed, according to internal company communications obtained by Drop Site News.
How It Happened
The developer operated under the alias Tyler Knapp and the GitHub handle imyugioh, and was brought into Consensys through a third-party service provider the company had an existing relationship with. That introduction bypassed the standard vetting process applied to direct hires.
Internal Slack messages show Knapp worked on core MetaMask platform code, including parts related to crypto-to-fiat currency conversion through third-party payment providers. His GitHub contributions began on 9 March 2026 and stopped abruptly in April, coinciding with the termination of his access. The window of access lasted approximately one month.
Internal Response
When Consensys identified the threat, general counsel Matt Corva issued an urgent company-wide email ordering all product releases to be suspended immediately pending investigation. The email, marked for immediate attention, instructed staff not to interact with Knapp and to preserve any documents or communications they had with him.
The email read: “All product releases are to be suspended immediately pending investigation. Please pause or cancel any in-flight releases while we investigate.”
Consensys subsequently confirmed the consultant was linked to North Korea, notified law enforcement, and handed over all relevant information.
What the Company Says
Corva said the investigation confirmed no assets or data were misappropriated, no malicious code was deployed, and user safety and security were not affected.
“Very quickly after being introduced, we discovered the threat, followed our security protocols, immediately terminated any access and launched a comprehensive investigation,” Corva said in a statement to Drop Site News.
He framed the incident as evidence that the company’s security protocols work even against what he described as persistent and complex nation-state level threats. Consensys has since launched a review of its practices for outsourcing engineering work through third-party providers.
According to blockchain intelligence firm TRM Labs, North Korea-linked activity accounts for approximately 66% of all dollars stolen in crypto hacks globally. The ByBit hack last year, estimated at $1.5 billion, was attributed to North Korean hackers.
In May this year, two American nationals received 18-month prison sentences for separate schemes facilitating North Korean remote workers, schemes that collectively affected nearly 70 US companies and generated over $1.2 million in illicit revenue.
Related: Galaxy Digital Lands $70M Texas Tech Stadium Deal, Expands AI and Crypto Presence
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.