North Korean Hackers Expand to EU, Target Blockchain Firms as Remote Devs

  • North Korean cyber operatives have expanded operations to target blockchain startups in the EU and UK, posing as remote developers.
  • Google Threat Intelligence Group reports that these workers operate under multiple fake identities to bypass security checks and generate revenue for the North Korean regime.
  • Recent activities include extortion threats from laid-off DPRK developers blackmailing former employers with threats to leak source code.

Google has revealed that North Korean cyber operatives are expanding their target range beyond U.S. companies to include blockchain startups across Europe. According to a report released Tuesday by Google’s Threat Intelligence Group (GTIG), IT workers linked to North Korea have embedded themselves in crypto projects throughout the UK, Germany, Portugal, and Serbia, posing serious security risks to these organizations.

- Advertisement -

The report indicates that these operatives have infiltrated various blockchain projects, including marketplaces, AI web applications, and the development of Solana and Anchor/Rust smart contracts. One instance involved building a Nodexa token Hosting platform, while other cases included creating blockchain job marketplaces and AI-enhanced blockchain tools.

“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,” said GTIG adviser Jamie Collier in the report. Some workers reportedly operated under as many as 12 fake identities simultaneously, using falsified credentials from Belgrade University and fake residency documents from Slovakia.

These cyber operatives receive assistance from facilitators in the UK and U.S. who help them bypass identity verification processes and receive payments through services like TransferWise, Payoneer, and cryptocurrency platforms, effectively concealing funds flowing back to North Korea.

Rising Extortion Threats

Since October 2024, GTIG has observed an increase in extortion attempts as terminated North Korean developers have started blackmailing former employers by threatening to leak proprietary information and source code. This aggressive behavior coincides with “heightened United States law enforcement actions against DPRK IT workers,” according to Google’s report.

Last December, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals for laundering digital assets to benefit North Korea’s government. In January, the Justice Department indicted two North Korean nationals for operating a fraudulent IT work scheme that compromised at least 64 U.S. companies between 2018 and 2024.

- Advertisement -

Broader Cyber Threat Network

In March, Paradigm security researcher Samczsun warned that North Korea’s cyber strategy extends beyond the state-backed Lazarus Group, which has been connected to major cryptocurrency hacks. “DPRK Hackers are an ever-growing threat against our industry,” Samczsun noted, describing various subgroups specialized in social engineering and supply chain attacks.

This February, hackers associated with Lazarus stole $1.4 billion from crypto exchange Bybit, later routing the funds through coin mixers and decentralized exchanges.

- Advertisement -

GTIG warns that many crypto startups remain vulnerable due to their heavy reliance on remote talent and bring-your-own-device work environments, often lacking proper security monitoring tools. This vulnerability is precisely what North Korean operatives are exploiting through “the rapid formation of a global infrastructure and support network,” according to Collier.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest

Cudis Smart Ring Rewards Healthy Habits With Crypto on Solana

Cudis has introduced an AI-powered smart ring and launched a new CUDIS token to reward users for tracking health habits. The CUDIS token operates on...

CPAs Urged to Boost Crypto Knowledge as Regulations Evolve in 2025

CPAs are advised to update their knowledge of cryptoassets due to recent regulatory progress and increased adoption.New federal and state rules, spot crypto ETFs,...

Wandercraft Unveils Calvin 40, a Headless Humanoid for Industry

Wandercraft, a French company known for medical exoskeletons, has created a new humanoid robot called Calvin 40. Calvin 40 was built in 40 days and...

Coinbase, BiT Global Settle Lawsuit Over wBTC Delisting Dispute

Coinbase and BiT Global ended their legal dispute over the wrapped Bitcoin (wBTC) token delisting.BiT Global agreed to dismiss its lawsuit against Coinbase permanently,...

Ethereum Pectra Upgrade Slashes Blob Costs, Boosts L2 Efficiency

Ethereum's Pectra upgrade has drastically lowered blob transaction costs from around $16,000 per day to fractions of a penny. Layer-2 networks now operate much more...

Must Read

Top 7 BEST Crypto Trading Bots for Beginners

QUICK NAVIGATIONQuick Look: Top 3 Best Crypto Trading BotsWhat Exactly is a Crypto Trading Bot?How I Chose These Trading BotsTop 7 Crypto Trading Bots...