On-chain investigators noticed suspicious activity in the GitHub repository of Waves Protocol, an early cryptographic project dating back to 2018. Github activities can affect Keeper Wallet’s repository and be compromised by wave ecosystem users.
The Waves protocol can be corrupted by malicious code introduced in older GitHub repositories. Investigators discovered the activity in a Keeper Wallet report after two years of renewal. Newly added code may be traced to a DPRK Hackerit appears that he has fully qualified on the project Github.
The discovery comes as the waves are about to revive the project and begin the waves in the summer of 2025. Newly introduced code can put new users at risk.
1/☀☀§Waves Summer 2025 – Turning the trend
The next 90 days will rebuild the waves and turn them into AI native, L2 integration, and institutionally fixed blockchain powerhouses.
This is the upcoming 👇🌊pic.twitter.com/r5uycngrsa
– Waves🌊 (@wavesprotocol) June 18, 2025
Wave was one of the famous ICOs of 2018, but managed to raise just $18 million. Waves are also prominent in early cryptographic ecosystems, and are one of the first protocols to provide a tokenized version of BTC. Wave Protocol was also a venue for multiple crypto frauds and fake tokens.
The waves were largely forgotten after the crash of the native wave token, which rose 93% from its peak above $55 in 2022. The waves later sank to their recent low of $0.99.
The project founder, Sasha Ivanov, reportedly used USDN stubcoins to pump the waves, which later led to a series of lagpurs. The waves used chaotic, early stage defi, causing losses of up to $500 million. However, unlike FTX, Luna and other crashes in 2022, the waves were not investigated and the events were forgotten.
In 2025, Waves are about to return with a double risk of financial loss and a totally infringed wallet risk.
Wave Repos linked to DPRK Hacking Activities
Researchers at Ketman Threat Intelligence were scanning the GitHub repository for signs of hacking and involvement of DPRK contributors. Scanning follows several cases DPRK Developer It has permeated some of the biggest crypto projects.
The Keeper Wallet Repository has given suspicious activity in the Keeper Wallet Repository, which provides access to browser extension wallets specifically created for the wave ecosystem.
The Keeper Project is a wave spinoff and does not share the team. The Early Waves team was also involved in building the wallet. Then, in the last three weeks, the repository began receiving new code.
The suspicious accounts had full permissions, allowing them to control the repository and even create new wallet releases. Wallet release rights were linked to one github accountsuspected to belong to the DPRK hacker. The account contained a potentially dangerous download link for Keeper Wallet.
So far, there have been no new releases of Keeper. Current wallets are considered relatively safe. However, new releases can be questionable and can cause harm, especially if the expected wave marketing is expected.
Github contributor Ahegaoxxx pushes wallet logs and error-extracted updates to external databases, which can undermine privacy and may be malicious. The code may have the ability to record wallet keys and phrases, but for now it has not been added to the latest wallet releases.
Some of the code linked to the Keeper Wallet is published by the developer’s account Maxim Smorikovleading investigators to doubt some form of account acquisition.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
