A fresh wave of cyber threats is hitting European blockchain projects, with North Korean operatives posing as legitimate remote workers to infiltrate companies. Google Cloud’s latest report highlights a strategic shift in DPRK-backed attacks, which were previously focused on the U.S. but are now expanding into Europe.
Fake Identities and Deep Infiltration
North Korean cybercriminals are forging multiple identities to gain access to blockchain firms. Google uncovered one individual juggling 12 fake personas across the U.S. and Europe, faking references and even building rapport with job recruiters.
These operatives are skilled developers, working on Next.js, React, CosmosSDK, and Golang to create token hosting platforms, job boards, and even full-fledged Solana-based marketplaces. Their presence is increasingly being felt in smart contract development using Anchor and Rust, alongside AI-driven blockchain applications.
Why Solana Projects Are Prime Targets
Solana-based platforms and blockchain job boards have become key targets. The report suggests North Korean actors are not just stealing data but also using their access to take over critical systems and generate illicit revenue for the regime.
One of the biggest vulnerabilities lies in Bring Your Own Device (BYOD) work environments, where employees use personal devices for work. Hackers exploit these systems, gaining deep access and launching attacks from within.
A Billion-Dollar Crypto Crimewave
DPRK-linked groups are among the biggest threats in the crypto industry, having stolen an estimated $1.3 billion from blockchain projects in 2024. Their largest hit came in February 2025, when they hacked Bybit for $1.5 billion, setting a record for one of the biggest crypto heists in history.
How Crypto Firms Can Defend Themselves
As North Korean cyber operations evolve, blockchain companies must tighten hiring processes, verify employee credentials rigorously, and limit access to sensitive systems. Avoiding BYOD environments and implementing strict cybersecurity policies could be key to preventing costly breaches.
With the DPRK’s tactics becoming more sophisticated, the crypto world faces a growing challenge: staying ahead of an increasingly well-organised cyber army.
