🚨 Security Alert: North Korean Developer Gains Access to Waves Protocol Codebase

According to PANews, a North Korean-linked developer has reportedly gained elevated access to the Keeper-Wallet codebase within the Waves Protocol.

🔍 Key Findings:

The developer account in question, 'AhegaoXXX', has been actively pushing updates since May 2025 to a previously dormant branch.

The account is reportedly tied to a North Korean IT outsourcing firm.

A code review flagged one update that could transmit wallet logs and runtime errors to an external database, raising concerns over mnemonic phrase and private key leakage.

🧪 Additional Threats:

Though the malicious code has not been merged, the attacker:

- Published six outdated but malicious NPM packages
- Gained access via the compromised account of former Waves engineer Maxim Smolyakov

🧠 Implications:

This incident signifies a tactical shift in North Korean cyber operations, from covert outsourcing participation to direct control of open-source codebases.

🛡️ Recommended Actions for Dev Teams:

- Audit contributor permissions regularly
- Remove or restrict dormant/unused accounts
- Monitor code repository redirects and package updates
- Implement robust supply chain defense mechanisms
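
As an added example (not from PANews or the Waves project), the first two recommendations can be automated with a Python script like the one below, which flags accounts and branches that resume pushing after a long silence and write access held by non-members or idle members. The push records, account names, membership map and 180-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=180)  # assumed threshold; tune per project

# Constructed sample data, not taken from any real repository.
# Each push record: (account, branch, ISO timestamp)
PUSHES = [
    ("alice", "main", "2025-04-28T10:00:00"),
    ("bob", "main", "2025-05-01T12:00:00"),
    ("alice", "main", "2025-05-20T09:30:00"),
    ("former-dev", "legacy-feature", "2023-11-02T14:00:00"),
    ("former-dev", "legacy-feature", "2025-05-12T03:15:00"),
    ("former-dev", "legacy-feature", "2025-05-14T03:40:00"),
]
# Accounts holding write access -> still a current team member? (constructed)
WRITERS = {"alice": True, "bob": True, "former-dev": False, "old-bot": False}


def audit(pushes, writers, now, dormant_after=DORMANT_AFTER):
    """Return sorted (kind, subject, detail) findings for review."""
    events = sorted((datetime.fromisoformat(ts), acct, br)
                    for acct, br, ts in pushes)
    findings = set()
    last_by_account, last_by_branch = {}, {}
    for ts, acct, br in events:
        # A long silence followed by a push is the pattern worth a human look.
        for kind, key, seen in (("account-reactivated", acct, last_by_account),
                                ("branch-reactivated", br, last_by_branch)):
            prev = seen.get(key)
            if prev is not None and ts - prev > dormant_after:
                gap = (ts - prev).days
                findings.add((kind, key, f"silent {gap} days until {ts.date()}"))
            seen[key] = ts
    for acct, is_member in writers.items():
        last = last_by_account.get(acct)
        if not is_member:
            findings.add(("write-access-non-member", acct, "revoke or justify"))
        elif last is None or now - last > dormant_after:
            findings.add(("write-access-dormant", acct, "restrict until needed"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PUSHES, WRITERS, now=datetime(2025, 6, 1)):
        print(*finding, sep=" | ")
```

In practice the push records would come from the hosting platform's audit log or `git log`, and the membership map from the current team roster.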


⚠️ For Users:

While the number of affected downloads remains low, users updating the Keeper-Wallet may face credential exposure risks. Exercise caution and await official updates from the Waves team.

Stay alert. Strengthen your security posture. Supply chain attacks are evolving.
