Share this article
Google Warns Solana Projects That North Koreans Are Increasingly Targeting European Projects
The report reveals that one such worker juggled 12 fake personas across the U.S. and Europe and sought employment by fabricating references
Apr 2, 2025, 9:58 a.m.
What to know:
- North Korean IT workers are increasing cyber activities in Europe, targeting blockchain projects, according to a Google Cloud report.
- DPRK operatives pose as legitimate remote workers to infiltrate companies and steal sensitive data to fund the regime.
- The report highlights the use of fake personas and sophisticated coding skills in their operations, including developing blockchain and AI applications.
North Korean “IT workers” are increasing illicit cyber activity across Europe with an eye on blockchain projects, Google Cloud warned in a Wednesday report.
Projects built on the popular Solana network, including applications and job boards, are getting hit by the rising attacks. Democratic People's Republic of Korea (DPRK) operatives pose as legit remote workers to infiltrate companies, take over critical systems and steal sensitive data which is likely sold to “generate revenue for the regime.”
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The increased threat in Europe is a shift from a U.S.-heavy focus as DPRK-linked entities faced heat from DOJ indictments and tighter hiring scrutiny stateside.
The report reveals that one such worker juggled 12 fake personas across the U.S. and Europe and sought employment by fabricating references, building a rapport with job recruiters, and using additional personas they controlled to vouch for their credibility.
It’s not like the workers lack coding chops either: Workers were found taking projects ranging from token hosting platform using Next.js, React and CosmosSDK, and Golang, and even created an entire Solana-based job marketplace.
More blockchain-related projects involved Anchor and Rust smart contract development. One worker even developed an artificial intelligence (AI) web application using Electron, Next.js, and blockchain applications.
A key culprit may be workplaces that let employees use their own devices.
“(Google Cloud) believes that IT workers have identified BYOD environments as potentially ripe for their schemes, and in January 2025, IT workers are now conducting operations against their employers in these scenarios,” the report said.
“Global expansion, extortion tactics, and the use of virtualized infrastructure all highlight the adaptable strategies employed by DPRK IT workers.”
DPRK entities and hacking groups are one of the biggest threat actors in the crypto ecosystem, stealing an estimated $1.3 billion from projects in 2024 and conducting a $1.5 billion hack on crypto exchange Bybit in February alone.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Crypto Market Today: Bitcoin-gold ratio drops to lowest since January 2024
Bitcoin rose since midnight UTC, while remaining locked in the $86,000-$90,000 range. Against gold, however, it's still falling.
What to know:
- Bitcoin's price remains volatile, trading between $86,000 and $90,000, while its ratio to gold hit a low not seen since January 2024.
- Funding rates for several major tokens have turned negative, indicating a buildup of short positions in the futures market.
- Yearn Finance's YFI token dropped nearly 6% after the yield aggregator suffered a $300,000 exploit from a legacy smart contract, its second attack this month.
Top Stories
