Google: North Korean Tech Spies Infiltrating European Blockchain Firms

BlockBeats News, April 2nd, according to Cointelegraph's report, today Google Threat Intelligence Group (GTIG) advisor Jamie Collier released a report revealing that North Korean tech spies are systematically infiltrating global blockchain enterprises. After the United States strengthened identity verification, these individuals turned to European markets such as the UK, successfully infiltrating multiple projects including a blockchain job platform, Anchor smart contract development, and others. The tech fraudsters have forged at least 12 European identities, establishing a global network of false personas.

Blockchain has become the new battlefield for North Korean hackers. The report shows that these North Korean tech workers have built a vast network of fake identities: forging a degree from the University of Belgrade in Serbia, using a residential address in Slovakia, gaining access to European job site credentials, and utilizing professional fake passport services, among other tactics. More alarmingly, since October 2024, related ransomware incidents have significantly increased. Dismissed "employees" will threaten to expose sensitive data of former employers, including proprietary project source code. GTIG believes this reflects North Korea's financial strain due to US sanctions. Blockchain detective ZachXBT had exposed the North Korean developer network as early as August 2024, with these individuals receiving a monthly reward of $500,000 from a "well-known crypto project." In January 2025, the US Department of Justice indicted two North Korean citizens, accusing them of penetrating 64 US companies through fake IT jobs between 2018 and 2024.