Google warns Solana projects that North Korean hackers are increasingly targeting European initiatives
The report mentions that one such employee used 12 fake identities in the US and Europe and looked for work by forging references.
Shaurya Malwa | Edited by Parikshit Mishra on 2 April 2025, 9:58 UTC
Key points:
- North Korean IT specialists are stepping up their cyber activity in Europe, targeting blockchain initiatives, according to a report from Google Cloud.
- North Korean agents disguise themselves as legitimate remote workers to infiltrate companies and steal confidential data to fund the regime.
- The report focuses on the use of fake identities and highly skilled programming skills in their operations, including developing applications using blockchain and artificial intelligence.
A Google Cloud report released Wednesday found that North Korean “IT workers” are increasing illicit cyber activity across Europe, targeting blockchain projects.
Initiatives based on the popular Solana platform, including apps and job boards, are facing a growing number of attacks. Actors from the Democratic People's Republic of Korea (DPRK) are posing as legitimate remote workers to infiltrate companies, take over critical systems, and steal sensitive data that will likely be sold to “fund the regime.”
The increased threat in Europe comes as a focus on North Korean-linked organizations faces indictments from the Justice Department and stricter recruitment controls in the U.S.
The report says one such worker used 12 fake identities in the US and Europe and sought work by forging references, establishing connections with recruiters and using additional identities under his control to bolster his reputation.
It's not that the workers lack programming skills: they've worked on a variety of projects, including a token hosting platform using Next.js, React, and CosmosSDK, and they've also built an entire job exchange using Solana.
Other blockchain projects included smart contract development using Anchor and Rust. One employee even built an artificial intelligence (AI) web application using Electron, Next.js, and blockchain apps.
The main reason may be workplaces where employees are allowed to use personal devices.
“(Google Cloud) believes that IT workers identified BYOD environments as potentially fertile ground for their schemes, and in January 2025, IT workers began conducting operations against their employers in such environments,” the report states.
“Global expansion, extortion tactics, and use of virtualized infrastructure highlight the adaptive strategies employed by North Korean IT professionals.”
North Korean organizations and hacker groups are considered one of the biggest threats in the crypto ecosystem, having stolen around $1.3 billion from projects in 2024 and hacking the Bybit cryptocurrency exchange in February for $1.5 billion.
