Overview
- Reporting published July 17 reveals a consultant using the alias “Tyler Knapp” and GitHub handle “imyugioh” contributed to MetaMask code before Consensys cut access in April 2026.
- Public GitHub commits and internal Slack messages show the developer began contributing on March 9, 2026 and had roughly one month of access to core wallet code including features that connect users to third-party fiat payment providers.
- Consensys immediately suspended product releases, terminated the consultant’s access, launched an internal probe, and told law enforcement that its investigation found no stolen assets, no malicious code, and no user impact.
- The company says the consultant was hired through a third-party service provider but has not publicly explained how it linked the identity to North Korea, while the published evidence relies on internal messages and public GitHub records obtained by Drop Site News.
- Security firms say this case fits a wider pattern of DPRK-linked actors exploiting remote hiring to reach crypto infrastructure and has prompted Consensys to review contractor vetting and third-party hiring practices.