People Security, Pillar 01
In Web3, the insider threat is not just a disgruntled employee. It is a pseudonymous contractor with deployer access, a DPRK-trained developer embedded for eighteen months, and a trusted community manager who was never who they said they were. We find them before they act.
Traditional insider threat programmes assume you know who your employees are. Web3 organisations frequently do not. Contributors operate under pseudonyms, contractors join from referrals with minimal verification, and remote-first hiring pipelines create natural gaps that state-sponsored threat actors actively exploit. Conventional cybersecurity monitoring services were not designed for this environment.
Our insider threat risk reviews assess your organisation against the specific threat models relevant to Web3: nation-state IT worker infiltration, opportunistic insiders with privileged access, and compromised contributors whose credentials or accounts have been taken over. We combine access pattern analysis, identity verification review, and security governance assessment to give you a clear picture of where your insider risk actually sits.
Work is delivered through our internal consultancy team and a curated network of specialist partner firms, rigorously vetted for technical depth and professional integrity in the Web3 space.
The DPRK Problem
“The FBI and CISA estimate that thousands of North Korean IT workers are currently embedded in Western technology companies, including crypto projects, under false identities. They do not just collect intelligence; they retain privileged access that can be activated for a theft operation at a moment of Pyongyang's choosing.”
Six Months to Trust. One Click to Lose $37M.
“DPRK’s TraderTraitor group spent six months targeting CoinsPaid employees via LinkedIn, sending fake recruitment messages and interview invitations from convincing company personas. In July 2023, an employee accepted what appeared to be a technical skills assessment, and installed a tool that contained malware. The attackers used the resulting foothold to extract internal credentials and drain $37.3M from the payment processor. The operation had been running in parallel with normal business for half a year before it activated.”
Effective cybersecurity defense in Web3 requires treating insider risk as a first-class threat. Cyber defense solutions that focus only on external attack vectors leave the most dangerous attack surface unmonitored. Your next breach may already be sitting in your contributor list.
Know Your Threat
Insider threats are not a single type of risk. In Web3 specifically, they span four distinct profiles, each requiring a different detection and mitigation approach.
DPRK IT workers and similar nation-state actors operating under false identities with a long-term objective. Patient, technically capable, and operating as a coordinated network rather than lone individuals.
Genuine team members or contributors who become a threat due to financial pressure, grievance, or simply because an opportunity presents itself and access controls do not prevent it.
A legitimate contributor whose credentials, device, or accounts have been taken over by an external attacker. From the inside they look like a trusted team member, and access logs show nothing unusual until the attack begins.
Vendors, auditors, integration partners, and tooling providers who have access to your systems or sensitive data. Supply chain risk is insider risk once access is granted, and it often is, without adequate review.