Jamie Collier, a Google Threat Intelligence Group (GTIG) consultant, released a report today revealing that North Korean technical spies are systematically infiltrating global blockchain companies. After the US tightened identity verification norms, these spies have turned to European markets such as the United Kingdom. They have successfully cracked into multiple projects, including blockchain job search platforms and Anchor smart contract development.
The report states, “Further blockchain-related projects involved Solana and Anchor/Rust smart contract development, and a blockchain job marketplace built using the MERN stack and Solana.”
Technical scammers forged at least 12 European identities and established a global network of fake people.
Collier’s report shows that these North Korean technical workers have built a huge network of false identities. They have forged a degree from the University of Belgrade in Serbia, using a Slovakian residential address, and have mastered account credentials for European job search websites. The spies also hold professional fake passport agents.
These North Korean Workers also used deceptive tactics, falsely claiming nationalities from a diverse set of countries, including Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam.
The report also suggests that since October 2024, extortion incidents have increased multifolds. The fired “employees” are increasingly threatening to disclose sensitive data of their former employers, including proprietary project source code.
GTIG believes that this underlines the fact that North Korea is facing capital chain pressure due to US sanctions. Crypto sleuth ZachXBT exposed the North Korean developer network back in August 2024. These people received $500,000 in compensation from “well-known encryption projects” every month. In January 2025, the US Department of Justice indicted two North Korean citizens, accusing them of infiltrating 64 US companies through fake IT jobs between 2018 and 2024.
