Solana-based blockchain projects in Europe are in the crosshairs, and the attackers aren’t who you might expect: North Korean cyber operatives are increasingly targeting these ventures, Google Cloud warned this Wednesday. The DPRK’s digital army is reportedly infiltrating European companies, focusing on everything from decentralized apps to crypto job boards.
These aren’t amateur hackers. Google’s report details sophisticated operations by North Korean “IT workers” who create fake online personas to secure remote work, then pivot to system takeover and data theft. This isn’t just digital vandalism; it’s state-sponsored economic crime, funneling stolen data and funds back to Pyongyang. According to the report, the aim is to “generate revenue for the regime.”
These cyber actors possess significant tech skills, developing blockchain and AI applications themselves. Their portfolio reportedly includes token platforms using Next.js, React, and CosmosSDK, even building a complete Solana-based job marketplace. The report suggests that companies with BYOD policies may be inadvertently facilitating these breaches.
The stakes are high: North Korean hacking groups are cited as major crypto crime actors, allegedly pilfering $1.3 billion in 2024 alone, with a staggering $1.5 billion theft from Bybit exchange in February. European Solana projects, take note.