North Korea is stealing massive amounts of crypto

Written by Kapronasia || April 26 2022

North Korea’s resilience is often surprising to outside observers. After all, Pyongyang is the only communist East Asian country to not formally launch economic reforms. It is impoverished and isolated. Further, U.S.-led sanctions imposed from the mid-2000s have made it harder for North Korea to conduct international trade. However, North Korea has developed a formidable cybercrime capability in order to evade the sanctions, and it is increasingly targeting digital assets whose decentralized nature makes them vulnerable to determined hackers.

Crypto enthusiasts wax lyrical about the anonymous and decentralized nature of the system. It is a double-edged sword, though. When determined cybercriminals like those employed by North Korea go after digital assets, the results can be devastating. U.S. officials linked the North Korean hacker group Lazarus to the recent theft of US$625 million in cryptocurrency from Ronin, an Ethereum-based sidechain made for the popular play-to-earn game Axie Infinity; the attackers exploited a vulnerability in the network. The DeFiYield REKT database, which tracks DeFi scams, hacks and exploits, says it is the largest decentralized finance hack to date.

Blockchain analysis firm Elliptic reckons that 14% of the stolen funds have already been laundered, while another US$9.7 million worth is in intermediary wallets in preparation for laundering. In response to the hack, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced new sanctions against an Ethereum wallet belonging to Lazarus.

This colossal hack is all the more notable given that North Korean hackers had their biggest year ever in 2021. According to research firm Chainalysis, they launched at least seven attacks on cryptocurrency platforms, targeting mainly investment firms and centralized exchanges, and pilfered nearly US$400 million in digital assets. The hackers used phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected “hot” wallets into DPRK-controlled addresses. “Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” Chainalysis says.

Data compiled by Chainalysis show that Bitcoin, despite being the most valuable digital asset, accounts for less than 25% of the digital assets stolen by Pyongyang. In 2021, just 20% of the funds North Korea stole were Bitcoin, and 22% were either ERC-20 tokens or altcoins. For the first time ever, Ether accounted for a majority of the funds stolen, at 58%.

A United Nations panel that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs as a way to avoid international sanctions.

Meanwhile, in mid-April a former Ethereum Foundation researcher was sentenced to more than five years in prison for conspiring to help North Korea evade U.S. sanctions using cryptocurrency. Virgil Griffith had earlier pleaded guilty to conspiring to violate U.S. law.

In 2019, he traveled to Pyongyang to give a presentation on blockchain technology. "The most important feature of blockchains is that they are open. And the DPRK [Democratic People's Republic of Korea] can't be kept out no matter what the USA or the UN says," Griffith said during the presentation, according to prosecutors.

Referring to this statement, prosecutors argued that Griffith understood the information in his presentation could be used to evade sanctions that Washington had imposed on North Korea over its development of nuclear weapons.