North Korean Fraudulent Tech Workers Expand Blockchain Infiltration Beyond US, Google Warns

Jamie Collier, an adviser at GTIG, revealed in an April 2 report that while the U.S. remains a primary target, heightened scrutiny and stricter right-to-work verification processes have forced these workers to shift their focus to non-U.S. companies.

“In response to heightened awareness of the threat within the United States, they’ve established a global ecosystem of fraudulent personas to enhance operational agility,”

Collier said.

The report highlights the discovery of facilitators in the U.K., indicating a rapidly expanding global infrastructure supporting these illicit operations. These North Korean-linked workers have embedded themselves in various projects, ranging from traditional web development to advanced blockchain applications, including Solana and Anchor smart contract development.

One of the affected projects was building a blockchain job marketplace and an artificial intelligence-powered web application leveraging blockchain technology.

“These individuals pose as legitimate remote workers to infiltrate companies and generate revenue for the regime,”

Collier warned.

“This places organizations that hire DPRK IT workers at risk of espionage, data theft, and disruption.”

Beyond the U.K., North Korean workers have been targeting companies across Europe, using fraudulent resumes with degrees from Belgrade University in Serbia and listing residences in Slovakia. One individual was found operating under at least 12 different personas across multiple European countries.

GTIG’s investigations also uncovered evidence of North Korean-linked workers seeking employment in Germany and Portugal, possessing login credentials for European job sites, and using brokers specializing in false passports.

At the same time, GTIG noted a surge in extortion attempts by North Korean workers since late October, with larger organizations increasingly being targeted.

Notably, The United States, Japan, and South Korea have warned the global blockchain industry about the increasing cyber threats that North Korean hackers pose.

The U.S. has already taken action against such fraudulent schemes. In January, the Department of Justice indicted two North Korean nationals for their roles in an IT fraud scheme that spanned from April 2018 to August 2024, involving at least 64 U.S. companies

If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter , LinkedIn , Facebook , Instagram , and CoinMarketCap Community.

“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”