North Korean hackers are expanding their cyber operations beyond US targets, infiltrating blockchain startups across Europe and the UK by posing as remote developers. These operatives have embedded themselves in several projects, from marketplaces to AI-powered applications, leaving behind compromised data and threatening extortion attempts. 2024 saw a surge in these attacks, with Google Threat Intelligence Group (GTIG) revealing that IT workers linked to North Korea’s government are working on blockchain projects across Europe, including UK and Germany. 12 fake identities were used to secure employment, bypassing ID verification and receiving payments via cryptocurrencies like Bitcoin and Ethereum. This tactic has allowed for financial flows back to North Korea, which is alleged to be using these funds to finance sanctioned weapons programs.