North Korea keeps stealing crypto by the hundreds of millions

Written by Kapronasia || September 28 2023

If you want proof that sanctions have limited effectiveness, look no further than North Korea. The hermit kingdom is probably the most sanctioned country on earth, and yet it keeps figuring out ever more nefarious ways to access foreign currency. Its mammoth crypto hacks are in a class by themselves: while there are plenty of criminals that steal decentralized digital currencies, North Korea is one of the only states that invests considerable resources in such crimes.

Research by the blockchain intelligence firm TRM Labs shows that through mid-August, North Korea-linked hackers had stolen US$200 million in crypto, about 20% of the total pilfered this year. Worryingly, the uptick in digital asset thievery by North Korea appears to be tied in with an acceleration in the country’s ever-concerning nuclear and ballistic missile programs. Pyongyang fired more missiles in 2022 than in any other year, including 23 in a single day. It is unclear why the reclusive and isolated country has doubled down on its weapons programs, but the fact that cryptocurrency can be used to fund the programs means that authorities in different countries need to do a better job of foiling such crimes by North Korean hackers.

Data from blockchain research firm Chainalysis show that North Korea’s crypto hacking almost perfectly dovetails with the industry’s takeoff that began in the late 2010s. North Korean hackers stole just US$1.5 million in crypto in 2016, but US$29 million in 2017 and US$522 million in 2018. When the bear market hit in 2019, Pyongyang’s crypto thievery decreased somewhat, but started to pick up again in 2021 and surged to US$1.65 billion last year.

In mid-September, blockchain research firm Elliptic said that the Lazarus Group, a hacker group associated with North Korea, was probably responsible for a US$70 million hack of Hong Kong-based exchange CoinEx. Elliptic said that some of the funds stolen from CoinEx were sent to a crypto wallet address which had previously been used by the Lazarus Group to launder stolen funds. The funds were also sent to the Ethereum blockchain using a blockchain "bridge", a way of transferring funds between different blockchains, which had also previously been used by the Lazarus Group.

While the amount stolen by North Korea this year pales in comparison to last year’s massive haul, it would only take a couple more huge hacks for that to change – and it could happen swiftly. Since it is widely believed that the money ends up funding the hermit kingdom’s destabilizing weapons programs, more needs to be done to stop the attacks. To strengthen defenses against attacks, cryptocurrency firms need to train employees to counter social engineering tactics commonly deployed by these hacker groups.