2-4-2025 – Google’s Threat Intelligence Group has shed light on North Korean technological infiltrators pivoting towards European blockchain enterprises, particularly in Britain, following intensified American regulatory oversight.
The infiltrators, masquerading as legitimate remote technology professionals, have crafted an intricate web of fictitious personas to penetrate blockchain ventures, notably those involving Solana and Anchor smart contract development, according to GTIG adviser Jamie Collier’s latest findings.
British cryptocurrency projects have emerged as prime targets, with these operatives demonstrating remarkable adaptability in circumventing traditional employment verification processes. Their sophisticated operation extends beyond conventional web development into cutting-edge blockchain applications and artificial intelligence integration.
The geographical expansion of these activities has been particularly noteworthy across Europe, with operatives establishing elaborate identities backed by fabricated credentials from Belgrade University and claimed residences in Slovakia. Evidence suggests a concentrated effort to penetrate German and Portuguese technology sectors, supported by a network of facilitators providing counterfeit documentation.
More concerning still is the emergence of aggressive extortion tactics since October. Dismissed workers have threatened former employers with the release of proprietary information and source code, suggesting mounting pressure to maintain revenue streams amidst American clampdowns.
The scale of this operation came to light following US Justice Department action against two North Korean nationals linked to a scheme involving 64 American companies over a six-year period. Cryptocurrency founders report increasingly sophisticated attempts at data theft, including elaborately staged fake Zoom meetings.
Blockchain investigator ZachXBT’s August revelation of North Korean developers earning $500,000 monthly from established cryptocurrency projects underscores the lucrative nature of these operations. The GTIG warns that organisations employing these operatives risk exposure to espionage, data breaches, and operational disruption.
