DPRK IT Worker-Related Account Takeover

2025-06-18 Ketman

https://www.ketman.org/dprk-it-worker-related-account-takeover.html


Ketman identifies a suspected DPRK IT worker-related GitHub account, AhegaoXXX, with privileged control over the Keeper-Wallet organization tied to Waves Protocol. After nearly two years of inactivity, the account pushed dependency updates, could create repositories and branches, and could trigger npm releases. A suspicious Keeper-Wallet-Extension change attempted to exfiltrate wallet logs and errors to an external database, which Ketman assesses could expose wallet keys or mnemonics. The report also points to likely compromise of Maxim Smolyakov’s GitHub/npm identity and possible web3tech.ru-linked maintainer account exposure, underscoring supply-chain risk from stale privileged developer accounts.

Indicators of Compromise

Type    Value                                    First Seen   Last Seen
EMAIL   [email protected]                        2025-06-18   2025-06-18
EMAIL   [email protected]                        2025-06-18   2025-06-18
URL     https://web3tech.ru/                     2025-06-18   2025-06-18
URL     https://www.npmjs.com/~msmolyak…         2025-06-18   2025-06-18
DOMAIN  web3tech.ru                              2025-06-18   2025-06-18
