How is the crypto bear market affecting North Korea’s stolen digital asset stash?

Written by Kapronasia || July 05 2022

Perennially sanctioned North Korea has become adept at stealing cryptocurrency to finance its illicit weapon programs. Unlike fiat currency, decentralized digital assets exist outside of the formal financial system, making them easier prey for Pyongyang’s tenacious and skilled hackers. Yet the recent crypto bear market that has seen US$2 trillion in market valuation lost may complicate North Korea’s crypto-funded criminal endeavors.

Citing data from blockchain analytics firm Chainalysis, Reuters says that North Korea’s as-yet unlaundered crypto stash, which includes funds stolen in 49 hacks from 2017 to 2021, has fallen in value to US$65 million from US$170 million at the beginning of this year. One haul from a 2021 heist, previously worth tens of millions of dollars, has lost 80% to 85% of its value in recent weeks and is now worth less than $10 million.

Analysts are cautious about divulging the types of digital assets held by North Korea as doing so could compromise their investigations. However, research by Chainalysis has found that of the US$400 million in cryptocurrency North Korean hackers pilfered in 2021, 58% (US$230 million) was Ether.

South Korea’s crypto exchanges are regular targets of North Korean hackers. For instance, Bithumb, one of South Korea’s largest digital asset exchanges, has been hacked four different times and the North Korean perpetrators made off with US$60 million in stolen crypto.  

While the amounts of crypto North Korea steals can appear staggering, the Hermit Kingdom does not get to keep the full amount from a heist. Rather, it must find brokers who are willing to convert the crypto or buy it without asking any questions. In some cases, North Korea only gets one-third of the value of the funds it has purloined. It is essential that North Korea convert the stolen digital assets to cash because most of what it wants to buy is only sold in USD or other fiat currencies, not crypto.  

North Korea’s hacking activity has likely increased during the pandemic because the isolated country has been even more sealed off from the world than usual. It faces a low risk of hacking reprisals as most of the country is not connected to the internet. By one South Korean estimate citied by The New York Times, Pyongyang’s cyber army includes 1,700 hackers in seven different units who are supported by 5,100 technical personnel.

Despite the crypto bear market, North Korea is unlikely to reduce its attempts to steal decentralized virtual currencies. Their decentralized nature makes them a better bet for Pyongyang’s hackers than fiat currency that flows through the formal financial system and is better protected from theft and can be more easily tracked by law enforcement authorities.

To that end, on June 29 Blockchain analytics firm Elliptic said that the North Korea-linked hacking collective Lazarus Group likely orchestrated a recent attack on the blockchain bridge Horizon, which crypto traders use to swap tokens between different networks, that resulted in the loss of US$100 million in cryptocurrencies. The hackers quickly converted most of the funds to Ether and then began laundering the stolen assets through Tornado Cash, a “mixing service” that lets users cover up the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds.