

A Shadowy Secret: Intelligence Infiltration of Web3 Projects


While the aim of our due diligence process is to assess risk and provide advisory services, it can also lead to interesting discoveries on off-chain happenings. CertiK recently uncovered indications that Iranian intelligence operatives could be actively attempting to infiltrate some crypto projects early in their development phase. In this article, our team of former law enforcement investigators and intelligence analysts share their findings and give their expert takeaways on how to preserve the integrity of the Web3 industry.

How a Due Diligence Investigation Stumbled Upon an Undercover Government Operation
CertiK is a Web3 cybersecurity company that provides a wide array of security, research and due diligence services. As part of our advisory service, CertiK conducts in-depth Web3 security investigations and technical assessments on behalf of institutional investors, Fortune 500 companies, and crypto exchanges. While conducting an assessment for a specific Web3 project, CertiK investigators detected that some of the core developers were actively concealing their existence from us. Once discovered, the stealth development team eventually agreed to give us more information about their motive for hiding. In doing so, they told us a story with ramifications for everyone in crypto.
According to the project’s lead developer, soon after he launched his Web3 project in his home country of Iran, he was summoned to the local Islamic Revolutionary Guard Corps offices. Once on site, intelligence agents began by asking him to “cooperate” with them. The developer was reluctant to compromise the integrity of his project by giving up any degree of control without informing the community of such a measure. Unsurprisingly, the Revolutionary Guards were not impressed. They quickly progressed from firm requests to aggressive manipulation techniques. They held the developer for multiple weeks in solitary confinement in a room that measured just 2x1 meters: barely enough room to lie down. They combined this with a variety of persuasion techniques, aggressive interrogation, and threats.
The developer explained to us that it was very difficult for him to endure this mental torture over such an extended time period. While he was undergoing this, the intelligence operatives wanted him to keep working on his Web3 venture to maintain the facade that everything was going well while they retained ultimate control over the project.
After finally convincing the operatives that he was sufficiently “broken” and would continue to cooperate, they allowed him to return home. Instead of complying, the developer leveraged the resources of his network and on-chain assets to flee the country, obtain a new nationality, and start another Web3 project with other developers who fled the country for similar reasons. The developer explained that because of this defection, he could not return to Iran, and his team was now working in stealth mode in order to avoid potential extraterritorial retaliation.
A Credible Threat to Web3
According to our investigators, who have participated in multiple international undercover operations during their time in law enforcement, there is credibility to these reports. We also discovered a trend of several other developers working in stealth mode behind other Web3 projects due to similar concerns. These intelligence and investigative observations suggest there could be a systematic effort on the part of some intelligence services to infiltrate the crypto industry by targeting specific developers.
Our investigators noted the source’s claims were consistent with how unilateral undercover operations can be conducted by state actors to advance their national interests. In certain countries (including some that do not have a reputation for having a “repressive regime” like Iran) threatening to prosecute a software developer unless they become an active informant or agent is a common practice. Operatives call this the “flipping” tactic, as it consists of converting a potential adversary into a confidential informant. Our investigators added that these undercover operations are especially focused on encryption specialists, because the control of encryption-related technologies and applications is key to national security and sovereignty.
These findings suggest a fundamental risk for a number of people involved in crypto and Web3. In the short term, some software developers may face legitimate risks to their personal security. In the long run, once a state organization secretly gains control of a crypto project, they could use their leverage to access confidential data, insert intentional zero-day vulnerabilities, distribute malware, mobile backdoors, and use these integrated systems to conduct surveillance, censorship, extortion, or cause significant damage to specific targets in the future.
Preserving Web3 Integrity
It does not come as a surprise that state agencies are specifically targeting Web3 projects and attempting to infiltrate them. As new blockchain applications continue to gain adoption, they have become strategic targets for geopolitical influence and intelligence operations.
Web3 developers should consider the legal protections and potential risks they may face in the jurisdiction where they operate, particularly from state agencies and institutions.
From a cybersecurity standpoint, it is crucial for the Web3 industry to raise its standard for due diligence and risk management to preserve the integrity of the industry. The hidden risks associated with Web3 projects can have severe consequences for the security of individuals and organizations involved in or with these projects, including operational, reputational, and legal damage.
The anonymity and pseudonymity inherent to crypto is important to protect the security of users and developers worldwide. However, these features can also be exploited by repeat scammers to evade responsibility for their actions. A balance between privacy and transparency is crucial. CertiK’s KYC process keeps private information private while allowing teams to demonstrate their commitment to transparency.
We recommend that organizations seeking to engage with Web3 projects deploy due diligence efforts proportional to the cyber risks at stake. A comprehensive risk assessment can help organizations to detect potential issues and take appropriate measures to mitigate them. The CertiK expert advisory team is composed of 250+ seasoned security engineers, data scientists, intelligence analysts, and criminal investigators, and has acquired a unique expertise in working with over 3,700 Web3 projects on security matters over a five-year period. Not only is this team able to conduct in-depth risk assessments of Web3 projects or ecosystems, but they are also able to recommend and deploy ad-hoc cybersecurity measures, such as tailored technical audits, on-chain monitoring, penetration testing, bug bounty programs, and cyber-incident management programs.
CertK Editor’s note: Due to concerns for the safety of our sources, some details have been intentionally modified and the report has been redacted of any detail that could lead to the identification of the alleged victims or their location. As part of our core mission to secure the Web3 world, CertiK is regularly contacted by victims of crypto crimes, and provides investigation reports to law enforcement authorities in order to support their effort to prosecute criminal operators.
This is a guest post from CertiK originally published here.
Listen to the Twitter Space interview with Shana, a CertiK investigator on the research team behind the article.
One of our investigators will be discussing this in a Twitter Space shortly! Tune in to see how it unfolded and what it means for the integrity of #Web3 projects https://t.co/Yzw2DmdjSs
— CertiK (@CertiK) February 3, 2023
What is CertiK:
CertiK is a blockchain security firm that helps projects identify and eliminate security vulnerabilities in blockchains, smart contracts, and Web3 applications using its services, products, and cybersecurity techniques.
Where to find CertiK:
Website | Twitter | Medium | Telegram | YouTube |
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $1500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $2500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.
If you need tools and strategies regarding safety and crypto education, be sure to check out the Tutorials, cryptonomics explainers, and Trading Tool Kits from BSC News.
Want the latest DeFi secrets delivered directly to your inbox every week from a leading industry expert? Instantly learn about strategies that could have you earning APYs of up to 69,000% with DeFi Maximizer. Sign up today and enjoy a 25% discount off of your first month!
Looking for a job in crypto? Check out the CryptoJobsNow listings!
Author
Related News


Community Engagement Showdown: Exploring The Strategies Of DogeMiyagi, Chainlink, And Ripple

DogeMiyagi stands out with its unique approach and entertaining nature, appealing to a wide audience and fostering community involvement.
Community engagement strategies play a pivotal role in shaping the success and growth of various platforms in the realm of cryptocurrency. This article explores and analyzes the community engagement strategies employed by three prominent players in the crypto space: DogeMiyagi, Chainlink, and Ripple. By examining their approaches and their impact on platform growth, this article aims to shed light on the diverse strategies employed within the industry.

DogeMiyagi: Embracing Camaraderie And Memes
DogeMiyagi, a captivating new meme token, has emerged with a unique approach to community engagement. Inspired by the legendary martial arts master, Mr. DogeMiyagi, this platform harnesses the power of camaraderie and the indomitable spirit of its community. With a comical tone, DogeMiyagi appeals to individuals seeking both entertainment and investment opportunities in the crypto-verse.
The platform encourages users to connect their wallets and generate unique referral codes, allowing them to easily share the opportunity with friends, family, and online connections. Each time someone uses their code to purchase $MIYAGI tokens, they earn a generous 10% commission on the investment, automatically credited to their wallet. This incentivized referral system promotes community involvement and rewards active participants, fostering a sense of belonging and collective growth.

Chainlink: Empowering The Decentralized Oracle Network
In contrast to DogeMiyagi's lighthearted approach, Chainlink focuses on building a robust decentralized oracle network that connects smart contracts with real-world data. With a strong emphasis on reliability and security, Chainlink's community engagement strategy revolves around educating and collaborating with developers, enterprises, and blockchain enthusiasts.
Chainlink actively engages with the community through various channels such as developer grants, hackathons, and forums. They provide comprehensive documentation, tutorials, and developer resources to encourage the integration of Chainlink's oracle solutions into diverse blockchain ecosystems. By fostering collaboration and supporting developers, Chainlink aims to establish itself as the go-to oracle provider in the industry, driving growth through partnerships and innovation.
Ripple: Facilitating Cross-Border Transactions
Ripple, a renowned player in the crypto space, offers a unique approach to community engagement with a specific focus on facilitating seamless cross-border transactions. Ripple's platform aims to revolutionize the traditional financial system by providing faster and cost-effective international payment solutions.
Ripple engages with its community by partnering with financial institutions and industry leaders, building a network that enables frictionless global transactions. Through educational initiatives, conferences, and webinars, Ripple educates both consumers and businesses about the benefits of blockchain technology and its potential to transform the financial landscape. By collaborating with established players and advocating for regulatory clarity, Ripple seeks to create an environment conducive to the widespread adoption of cryptocurrencies, thus driving its own growth and that of the crypto industry as a whole.

In the crypto landscape, community engagement strategies play a pivotal role in shaping the growth and success of platforms. DogeMiyagi's approach, driven by camaraderie and a comical tone, taps into the power of memes and incentivized referrals, fostering a strong community bond. Chainlink, on the other hand, focuses on education, collaboration, and technological innovation to position itself as a trusted oracle provider. Ripple's strategy revolves around partnerships, regulatory advocacy, and the facilitation of cross-border transactions to drive the adoption of blockchain-based financial solutions.
While all three platforms demonstrate their strengths and contributions to the crypto industry, DogeMiyagi's unique approach and entertaining nature set it apart. Its emphasis on camaraderie, memes, and incentivized referrals appeals to a wide audience and fosters a strong sense of community involvement.
For those interested in exploring the world of cryptocurrencies and discovering unique opportunities like DogeMiyagi, join the meme coin revolution, and embark on an exciting journey with DogeMiyagi.
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $1500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.
This is a paid press release, BSC.News does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. The project team has purchased this advertisement article for $2500. Readers should do their own research before taking any actions related to the company. BSC.News is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release.
Follow us on Twitter and Instagram!
If you need tools and strategies regarding safety and crypto education, be sure to check out the Tutorials, cryptonomics explainers, and Trading Tool Kits from BSC News.
Looking for a job in crypto? Check out the CryptoJobsNow listings!

Swap Now

Sign up Now
Coming Soon

Bet Crypto

Claim Bonus
Coming Soon

Sign Up Now

Earn Now

What is this?

Play Now

Sign Up Now
Coming Soon
Editors Choice
Other Currencies
- nameLTBuyLitecoin
Sponsored
Buy Crypto with Fees as low as 0%
Buy Crypto with a bank transfer, credit or debit card, P2P exchange, and more. Not investment advice. All trading risk. Terms apply.
£0£0+0% - nameLTBuyEOS
Sponsored
Buy Crypto with Fees as low as 0%
Buy Crypto with a bank transfer, credit or debit card, P2P exchange, and more. Not investment advice. All trading risk. Terms apply.
£0£0+0% - nameLTBuyMonero
Sponsored
Buy Crypto with Fees as low as 0%
Buy Crypto with a bank transfer, credit or debit card, P2P exchange, and more. Not investment advice. All trading risk. Terms apply.
£0£0+0% - nameLTBuyBitcoin Cash
Sponsored
Buy Crypto with Fees as low as 0%
Buy Crypto with a bank transfer, credit or debit card, P2P exchange, and more. Not investment advice. All trading risk. Terms apply.
£0£0+0%