A new Google Cloud report has raised alarms over North Korean cyber operatives ramping up attacks on European blockchain projects, particularly those built on Solana. These state-backed hackers are infiltrating companies by posing as legitimate IT workers, stealing sensitive data, and funnelling stolen funds back to the DPRK regime.
From the U.S. to Europe: A New Focus
For years, North Korean cybercriminals primarily targeted U.S. crypto firms. However, after facing DOJ crackdowns and stricter hiring policies, they have now shifted their focus to European blockchain projects.
These hackers disguise themselves as remote developers, fabricating references and online personas to secure jobs. Google’s report exposed one such hacker juggling 12 fake identities across the U.S. and Europe, even using other fake profiles to vouch for their legitimacy.
Hacking Through Legitimate Jobs
These North Korean operatives are not just imposters; they are skilled coders. They’ve worked on:
Solana-based job marketplaces
Smart contract development with Anchor and Rust
AI web applications built with Electron and blockchain integrations
With access to critical systems, these hackers steal data, breach security protocols, and potentially plant backdoors for future attacks.
BYOD Environments: A Weak Link
Google Cloud’s report highlights Bring Your Own Device (BYOD) policies as a major vulnerability. Many firms allow employees to use personal laptops for work, making it easier for malicious IT workers to bypass security measures and conduct attacks.
“IT workers have identified BYOD environments as potentially ripe for their schemes,” the report states, warning that hiring remote workers without proper vetting could lead to devastating breaches.
DPRK’s Growing Crypto Crime Network
North Korean hacking groups remain one of the biggest threats to the crypto industry, stealing $1.3 billion in 2024 alone. In February 2025, they orchestrated a $1.5 billion hack on Bybit, making it one of the largest crypto heists ever.
With adaptable tactics, sophisticated cyber strategies, and global reach, these DPRK-backed hackers show no signs of slowing down. For blockchain firms, tightening security, verifying employees rigorously, and restricting BYOD policies may be the only way to stay ahead of the threat.
