Google reveals increase in North Korean hacker activity on Solana blockchain in Europe
A new report from Google warns of a growing wave of North Korean cyber operations across Europe targeting blockchain projects built on the Solana network.
The attacks represent a shift in strategy for the Democratic People's Republic of Korea (DPRK), as operatives increasingly turn to the European tech sector after facing tighter scrutiny in the United States, CoinDesk reported.
The threat actors—posing as remote “IT workers”—have infiltrated crypto startups and blockchain projects, particularly those involving Solana-based applications, smart contracts, and decentralized job platforms. Their goal, according to Google, is to steal sensitive data and financial assets to help generate revenue for the regime.
A shift from U.S. to Europe as hiring scrutiny increases
The report highlights that North Korean actors are adapting their tactics after facing criminal charges and employment bans in the U.S. One case detailed a DPRK-linked worker juggling 12 fake personas, fabricating references, and using sock puppet accounts to vouch for credibility when applying to blockchain startups.
Some of the most affected projects involved Anchor and Rust smart contract development, as well as AI-driven web apps using frameworks like Electron and Next.js.
We also reported that the Lazarus Group has infected hundreds of software developers, deploying malware via npm packages to steal credentials, extract crypto wallet data, and install a persistent backdoor.
Weak security practices enabling infiltration
Google’s report notes that companies allowing employees to use personal devices were especially vulnerable. By bypassing standard vetting and device security protocols, threat actors gained backend access, potentially compromising wallet infrastructure, admin dashboards, and user data.
These attacks not only threaten project integrity but also risk regulatory fallout and user trust in decentralized systems.
As European blockchain innovation accelerates, Google’s findings serve as a stark warning. With North Korean operatives actively infiltrating teams under false identities, security diligence in hiring and device management is becoming essential.
Ongoing geopolitical tensions and cyber risks may continue to push this threat vector forward, prompting platforms to reevaluate their operational safeguards.
In addition, we reported that crypto scams are once again in the spotlight as fraudulent emails impersonating Gemini Exchange circulate online, falsely claiming the platform has filed for bankruptcy.