Google report exposes North Korea’s growing cyber presence in blockchain industry
Cybersecurity experts warn that companies hiring North Korean-linked IT workers risk espionage, data breaches, and extortion attempts.

North Korean cyber operatives have expanded their activities by targeting blockchain startups in the United Kingdom and European Union.
A report from Google’s Threat Intelligence Group (GTIG) revealed that IT workers linked to the Democratic People’s Republic of Korea (DPRK) have embedded themselves in crypto projects beyond the United States, across the UK, Germany, Portugal, and Serbia.
These operatives, posing as remote developers, have left compromised data and extortion attempts in their wake.
Affected projects include blockchain marketplaces, AI web applications, and Solana-based smart contracts. Some developers worked under multiple fake identities, using falsified university degrees and residency documents to gain employment.
Payments were routed through services like TransferWise and Payoneer, obscuring funds flowing back to the North Korean regime. Cybersecurity experts warn that companies hiring these workers risk espionage, data theft, and security breaches.
GTIG reports that these cyber operations are generating revenue for North Korea, which has been accused of using overseas IT specialists to finance its sanctioned weapons programmes.
Financial service providers, including Wise, have stated that they monitor transactions closely and report any suspicious activity. With increasing global scrutiny, experts caution businesses to remain vigilant against fraudulent hires in the blockchain sector.
For more information on these topics, visit diplomacy.edu.