Warning from Google on Solana Altcoins: "You Are the Target" - Coin Bulletin

According to a report published by Google Cloud on Wednesday, North Korean (DPRK) "IT workers" are increasing their illegal cyber activities by targeting blockchain projects in Europe.

The report stated that platforms such as projects, applications, and dashboards developed on the popular Solana network have been affected by increasing attacks. North Korean operators are infiltrating companies by impersonating legitimate remote workers, taking control of critical systems, and stealing sensitive data to sell this information for "generating revenue for the regime".

The increase in threats in Europe occurred after the decrease in U.S.-focused activities due to North Korea-linked groups facing lawsuits in the U.S. and increased scrutiny in hiring.

The report revealed that a North Korean employee used 12 fake identities in the US and Europe and fabricated references while applying for jobs, attempting to prove their credibility with other identities they controlled by establishing relationships with recruitment specialists. It was emphasized that these employees not only concealed their identities but also possessed technical knowledge, working on various projects ranging from creating a Solana-based job market to developing token hosting platforms.

Another noteworthy point was that workplaces allowed their employees to use their own devices. According to Google Cloud, IT employees have identified BYOD (Bring Your Own Device) environments as suitable areas for cyber attacks and have started to carry out operations through these environments as of January 2025.

The report states that the DPRK's cyber attacks have combined with consistent strategies such as global expansion, coercive threats, and the use of virtual infrastructure. These cyber attacks continue to pose a serious threat to the crypto ecosystem, with $1.3 billion worth of cryptocurrency possibly stolen just in 2024.