Why does North Korea steal so much crypto?

Written by Kapronasia || November 30 2024

North Korea has become the most tenacious state actor when it comes to theft of digital assets. Given its proximity to the Hermit Kingdom, a shared language and a deep understanding of how its criminal pursuits are carried out, South Korea plays a leading role in the investigation of Pyongyang’s crypto crime. In late November, South Korean police said that their investigation confirmed that hackers linked to North Korea's military intelligence agency were responsible for a large 2019 Ethereum heist.

According to South Korea’s National Police Agency, more than half of the stolen assets were laundered through three crypto exchanges set up by the hackers themselves at a discount to Bitcoin and the rest were laundered through 51 different exchanges. The hackers infiltrated a crypto exchange where the Ethereum was being kept and stole 342,000 tokens, now valued at more than 1.4 trillion won (US$ 1 billion).

Authorities did not name the exchange but South Korea-based Upbit said in 2019 it had detected the transfer of 58 billion won of Ethereum to an unidentified wallet. To its credit, Upbit has beefed up security since then – and has not suffered another major hack.

North Korea committed more hacking crimes than ever in 2023 – a 20 – but stole less (US$1 billion) than its all-time high of US$1.7 billion in 2022. Chainalysis’s data show that North Korea-linked hackers stole about US$428.8 million from DeFi platforms in 2023, US$330 million from exchanges, US$150 million from targeted centralized services and US$127 million from wallet providers.

One reason for Pyongyang’s success in crypto thievery is that it has had people on the inside. An October 2024 CoinDesk report revealed that more than a dozen digital asset firms unknowingly hired IT workers from the DPRK. The affected companies include ZeroLend, Fantom, Sushi, Yearn Finance and Cosmos Hub. CoinDesk found evidence that some workers transferred their wages to blockchain addresses linked to the North Korean government. The crypto media publication also discovered that some crypto projects that employed DPRK IT workers were later hacked.

Worryingly, the uptick in digital asset thievery by North Korea appears to tied in with an acceleration in the country’s ever-concerning missile programs. Pyongyang fired more missiles in 2022 than any other year, including 23 in a single day. While cryptocurrency theft is a relatively new source of income for Pyongyang, it is estimated that more than 40% of the funding for North Korea's weapons of mass destruction (WMD) and ballistic missile development programs is sourced through cryptocurrency channels.

With North Korea now directly involving itself in the Russia-Ukraine War, there is likely to be a renewed effort by the U.S. and South Korea to track and freeze its illicit finances. At the same time, Pyongyang will likely seek to exploit large regulatory gaps around digital assets to steal as much as it can.