Assessing North Korea’s financial cybercrime capabilities

Written by Kapronasia || October 25 2022

The crypto bear market sure is not slowing down North Korea’s cyber criminals. Chainalysis data show that North Korean hackers stole US$840 million in decentralized virtual currencies from January to May, about US$200 million more than they pilfered in 2020 and 2021 combined. “By any standard, they [North Korea] are a crypto superpower,” former North Korea analyst at the FBI Nick Carlsen told CNET in a recent interview.

While many cybercriminals steal large amounts of crypto and use it for nefarious purposes, North Korea’s illicit activities in this area are of particularly grave concern because the Hermit Kingdom is using the proceeds to fund its nuclear weapons program as well as conventional arms. To that end, Pyongyang in early October launched a ballistic missile over Japan, prompting the Japanese government to order 5 million residents of the country to seek immediate shelter. It was the first North Korean missile to fly over or past Japan since 2017. Prime Minister Fumio Kishida condemned the missile test as a “barbaric” act.

The largely unregulated and anonymous nature of cryptocurrency is providing a lifeline to the North Korean regime, which faces harsh U.S.-imposed financial sanctions that limit its ability to easily access foreign fiat currency. A watershed moment came in the mid-2000s when the U.S. Treasury Department went after the obscure Macau-based Banco Delta Asia, which had handled transactions, including sales of gold bullion, for a range of North Korean government companies and entities for more than two decades. Under Section 311 of the PATRIOT Act, the U.S. Treasury Department designated Banco Delta Asia as a “primary money laundering concern” and informed the lender it might be excluded from any dealings with the American financial system. Banco Delta Asia subsequently severed its ties with North Korea.

Banco Delta Asia’s move likely had a ripple effect. As of 2007, media reports suggested that about two dozen financial institutions worldwide had voluntarily reduced or terminated their business with North Korea.

Crypto exchanges in South Korea play a crucial role in North Korea’s financial crime. Pyongyang uses them to liquidate stolen decentralized digital currencies that it then transfers to a third country and later delivers back to North Korea. Chainalysis estimates that hackers from North Korea have sent some US$52.46 million worth of cryptocurrencies to digital asset exchanges in South Korea since 2019 to evade sanctions or launder money.

North Korea has long been suspected of such illicit activity. The data could help prove the allegations are true, and pave the way for South Korean authorities to take necessary action. Though South Korea has over the past two years introduced regulation – the Special Financial Transaction Information Act and the Travel Rule – to crack down on illegal activity in the cryptocurrency sector, these measures do not yet appear to be deterring the North Koreans. The Travel Rule has limited ability to stop transactions made using stolen identities or under a borrowed name.

At the same time, Japan’s national police have named the North Korean hacking group Lazarus as the organization behind several years of crypto-related cyber attacks. In a public advisory statement issued on Oct. 14, Japan’s National Police Agency (NPA) and Financial Services Agency (FSA) warned the country’s crypto-asset businesses to stay vigilant against “phishing” attacks by the hacking group.