A fresh Google Cloud report has revealed a disturbing rise in North Korean cyber activity targeting European blockchain projects, particularly those built on the Solana network. Hackers, posing as IT professionals, are infiltrating companies, stealing sensitive data, and using advanced coding skills to manipulate crypto ecosystems—all to fund the DPRK regime.

North Korean Hackers Shift Focus to Europe

Historically, North Korean cyber operatives focused on the U.S., but increasing legal pressure and DOJ indictments have forced them to shift their operations to Europe. Google’s report highlights how these attackers pose as legitimate remote workers, infiltrate companies, and eventually gain control over critical systems.

One particularly deceptive worker reportedly juggled 12 fake personas across the U.S. and Europe, fabricating references and even using additional fake identities to vouch for their credibility.

Blockchain Projects Under Attack

DPRK hackers are not just scammers—they are skilled developers. They have taken on projects involving:

• Solana-based applications and job marketplaces
• Smart contract development using Anchor and Rust
• Token hosting platforms using Next.js, React, CosmosSDK, and Golang
• AI-powered blockchain applications built with Electron and Next.js

With deep technical knowledge, these hackers don’t just steal—they build entire platforms, increasing their credibility and reach within the industry.

BYOD Environments: A Weak Spot for Companies

One of the biggest vulnerabilities is the Bring Your Own Device (BYOD) policy, where companies allow employees to use personal laptops and unsecured networks. Google warns that hackers exploit these environments, embedding malware and executing attacks from within.

Google Cloud’s report notes that in January 2025, these IT operatives expanded their global attacks, focusing on workplaces with weaker cybersecurity measures.

Crypto’s Biggest Threat: DPRK’s $1.5B Heist

North Korea’s cyberattacks are more than just an annoyance—they represent one of the biggest financial threats to the crypto industry. In 2024 alone, DPRK-linked hackers stole $1.3 billion, with a massive $1.5 billion hack on Bybit in February 2025.

As these threats evolve, blockchain projects—especially those in Europe—must tighten their hiring processes, enhance cybersecurity, and scrutinise remote workers to prevent infiltration. Otherwise, they risk becoming the next victims in North Korea’s multi-billion-dollar crypto heist.