
ZachXBT accuses ElementalDeFi of employing a DPRK IT worker, raising concerns over security risks and sanctions compliance.
Author: Akshat Thakur
April 8, 2026 – Blockchain investigator ZachXBT accused Solana-based DeFi project ElementalDeFi of employing a North Korean IT worker for several years. Cointelegraph reported the findings on April 7, 2026, after ZachXBT shared a detailed investigation on X.
Master Sats
@MasterSats
@zachxbt @CR1337 @moothefarmer How does North Korea keep churning out hacking talent and how does North Korea keep them on a tight leash?
@CR1337 @moothefarmer TLDR: DPRK ITWs got caught via OSINT after partying in Laos on New Years a few years back by Chollima Group Source: https://t.co/3VVwfMikgZ https://t.co/6q2VJrzb1J
10:00 AM·Apr 7, 2026
𝘽𝙖𝙡𝙙𝙧 ®
@Raptorj69
@zachxbt @CR1337 @moothefarmer There's no such thing as Korean hackers. Not everyone is dumb enough to believe this forced narrative
08:12 AM·Apr 7, 2026
Naima
@Naimakakungulu
@zachxbt @CR1337 @moothefarmer I'm struggling here Zach, So these North Koreans have relatively lax internet access, party in Laos, Cambodia and Thailand and STILL choose communism??
07:09 AM·Apr 7, 2026
According to ZachXBT’s findings, the ElementalDeFi DPRK worker operated under a false identity. The operative allegedly served North Korean interests while performing typical engineering tasks on the protocol.
ZachXBT’s investigation relied on open-source intelligence and on-chain analysis. He reportedly identified the individual through employment records, LinkedIn profiles, code contributions, and wallet activity linked to known DPRK patterns.
ElementalDeFi allegedly paid the worker through its development budget for years. During that time, the operative gained access to repositories, internal tools, and potentially sensitive infrastructure.
ZachXBT has previously documented dozens of similar cases. In earlier investigations, he exposed networks that used over 30 fake identities to target crypto firms. That track record makes him one of the most credible independent on-chain investigators.
North Korean IT workers have targeted the crypto industry for at least seven years. These operatives typically create fake freelance profiles on platforms like Upwork or LinkedIn, complete with stolen or forged credentials.
Once hired, they gain access to codebases, internal communication channels, and sometimes private keys. State-sponsored groups like Lazarus Group direct many of these operations. Their goals include generating foreign currency for the regime and potentially planting backdoors.
DPRK-linked hackers have stolen billions in crypto assets over the past several years. The Bybit hack in February 2025 alone cost the industry over $1.5 billion, according to industry estimates. ZachXBT has described their recruitment tactics as “relentless.”
ElementalDeFi is a Solana-native protocol that offers lending, borrowing, and yield products. Like many smaller DeFi teams, it relied on remote developers and contractors to build and maintain its smart contracts.
This decentralized hiring model prioritizes speed and cost over rigorous vetting. Without centralized HR processes or robust KYC for contractors, projects can unknowingly hire sanctioned individuals. ZachXBT has repeatedly warned the industry about this exact vulnerability.
The multi-year employment suggests a sustained breach of operational security. It raises questions about whether the ElementalDeFi DPRK worker compromised sensitive code, user data, or private keys during that time.
Key milestones in ElementalDeFi and DPRK IT Worker Accusation
ElementalDeFi launches on Solana offering lending, borrowing, and yield products, scaling with a remote-first development model using global contractors.
A North Korean IT worker is allegedly employed under a false identity for years, contributing to core development — aligning with known DPRK crypto infiltration patterns via freelance platforms.
The protocol continues normal operations on Solana, attracting liquidity with competitive yields and showing no public signs of compromise or security issues.
ZachXBT publishes an on-chain and OSINT investigation linking the project to DPRK-linked employment, raising concerns around sanctions, operational security, and potential code risks.
ElementalDeFi has not yet issued a detailed public response. Analysts continue to comb through the project’s on-chain activity and smart contracts, searching for unusual transaction patterns.
The broader Solana DeFi community has reacted with concern. Solana has become a major hub for DeFi innovation, so any perception of lax security could slow institutional adoption. It could also trigger increased regulatory scrutiny of the ecosystem.
Regulatory bodies and sanctions enforcement agencies may also take notice. Employing DPRK nationals can violate international sanctions. If confirmed, the incident could lead to delistings, frozen assets, or legal consequences.
The team will likely conduct an internal audit and issue a formal statement. Independent investigators may review codebases and access logs for signs of compromise.
Users of the protocol should monitor their positions closely. Withdrawing liquidity may be prudent until a thorough security review concludes. This is not financial advice, and users should assess their own risk tolerance.
The incident could prompt other Solana DeFi projects to re-examine hiring practices. Stricter background checks for remote contractors may become standard, especially as the FBI continues to issue warnings about DPRK infiltration.
For now, ZachXBT’s accusation serves as another reminder that sanctions compliance and supply-chain security remain critical in decentralized finance.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.