Page Nav


Gradient Skin



Responsive Ad

Crypto meltdown puts North Korea's stolen money in danger as it intensifies weapons testing

Image: Reuters Berita 24 English -  According to four digital investigators, the collapse in cryptocurrency markets has destroyed millions o...

Image: Reuters

Berita 24 English -  According to four digital investigators, the collapse in cryptocurrency markets has destroyed millions of dollars in assets that North Korean hackers had stolen, endangering a crucial source of income for the sanction-hit nation and its weapons programmes.

According to the U.S. Treasury, North Korea has invested significant resources in cryptocurrency theft in recent years, making it a strong cyber threat and resulting in one of the greatest cryptocurrency heists on record in March, in which over $615 million was stolen.

According to two South Korean government sources, Pyongyang's ability to profit from that and other heists has been complicated by the sudden drop in cryptocurrency values, which began in May amid a broader economic slowdown. This could have an impact on how Pyongyang plans to fund its weapons programmes. Due to the sensitivity of the subject, the sources requested anonymity.

It occurs as North Korea prepares to resume nuclear testing amid an economic crisis and conducts a record number of missile launches, which the Korea Institute for Defense Analyses in Seoul believes have cost as much as $620 million so far this year.

According to New York-based blockchain analytics startup Chainalysis, the value of old, unlaundered North Korean crypto holdings, which include money taken in 49 hacks from 2017 to 2021, has dropped from $170 million to $65 million since the year's beginning, the company told Reuters.

According to Nick Carlsen, an analyst with TRM Labs, a different U.S.-based blockchain analysis company, one of North Korea's cryptocurrency caches from a 2021 heist, which had been worth tens of millions of dollars, has lost 80% to 85% of its value in the last few weeks and is now worth less than $10 million.

The North Korean embassy in London's phone operator declined to comment on the crash, calling reports of bitcoin hacking "absolutely bogus news."

The guy, who would only identify himself as an embassy official, stated, "We didn't do anything." The foreign ministry of North Korea has referred to these accusations as American propaganda.

Authorities in the United States claim that a North Korean hacker group known as the Lazarus Group was responsible for the $615 million March attack on the blockchain project Ronin, which runs the well-known online game Axie Infinity.

According to Carlsen, it was challenging to determine how much North Korea was able to profit from that crime because of the interrelated price movements of the many assets involved in the breach.

The value of the stolen Ether money, if the identical attack had occurred today, would be little over $230 million, but North Korea exchanged nearly all of that for Bitcoin, which has had different price changes, he said.

The North Koreans have, needless to say, lost a lot of value, according to Carlsen. But even at low costs, this is a hefty haul.

The Reconnaissance General Bureau, North Korea's main intelligence agency, is said by the United States to be in charge of Lazarus. It has been charged with taking part in the 2014 cyberattacks on Sony Pictures Entertainment, the "WannaCry" ransomware attacks, and the hacking of foreign banks and customer accounts.

Analysts are hesitant to disclose specifics about the types of cryptocurrencies North Korea owns since doing so could reveal their probing techniques. Ether, a popular cryptocurrency connected to the open-source blockchain technology Ethereum, was 58 percent, or roughly $230 million, of the $400 million stolen in 2021, according to Chainalysis.

Chainalysis and TRM Labs track transactions and spot potential crimes using publicly accessible blockchain data. Sanctions monitors have mentioned this activity, and public contracting documents show that both companies cooperate with the IRS, FBI, and DEA, among other U.S. government organisations.

North Korea is subject to numerous international restrictions because of its nuclear programme, which restricts its access to international trade and other revenue streams and makes crypto heists appealing, according to the investigators.


Eric Penton-Voak, the coordinator of the United Nations panel of experts that monitors sanctions, stated at a gathering in Washington, D.C., in April that cyberattacks have become "absolutely fundamental" to Pyongyang's capacity to evade sanctions and raise money for its nuclear and missile programmes. Despite the fact that it is thought that cryptocurrencies make up a small portion of North Korea's finances,

Sanctions observers noted in 2019 that North Korea has used hackers to raise an estimated $2 billion for its WMD programmes.

North Korea is thought to spend roughly $640 million annually on its nuclear weapons, according to a report by the Geneva-based International Campaign to Abolish Nuclear Weapons. The central bank of South Korea predicted that the nation's GDP will be about $27.4 billion in 2020.

Due to self-imposed border lockdowns to resist COVID-19, Pyongyang's official revenue sources are more restricted than ever. In 2021, China, North Korea's largest trading partner, reported importing commodities from the country for just over $58 million, at a time when official trade between the two countries was at its lowest level in decades. Smuggling is not included in the statistics.

According to Aaron Arnold of the RUSI think tank in London, North Korea only receives a small portion of the stolen goods since it must use brokers prepared to convert or purchase cryptocurrency without any checks or balances. According to a Center for a New American Security (CNAS) assessment from February, North Korea occasionally only receives one-third of the value of the currency it has taken.

When North Korea steals cryptocurrency, it sometimes converts it to Bitcoin and sells it to brokers who would pay less for it in return for cash, which is frequently kept outside of the nation.

Arnold remarked, "You're not going to earn fair market value, much like selling a stolen Van Gogh.


In contrast to many other attackers, the CNAS investigation showed that North Korean hackers show only "moderate" care over concealing their role. This occasionally enables investigators to trace digital footprints and link attacks to North Korea, though rarely in time to retrieve the money that has been stolen.

According to Chainalysis, North Korea has increased its use of software tools that pool and scramble money from hundreds of electronic addresses, a designation for a location for digital storage, and has resorted to complex methods of laundering stolen cryptocurrency.

It is frequently possible to inspect the contents of a specific address, which enables companies like Chainalysis or TRM to monitor any that investigations have linked to North Korea.

According to a research this year by Chainalysis, hackers have fooled victims into granting access or worked past security to steal digital currency from internet-connected wallets and deposit it into accounts under the control of North Korea.

North Korea's ability to transfer cryptocurrencies to cash as swiftly as in the past has been hampered by the size of recent hacks, according to Carlsen. It follows that certain funds have remained stagnant despite a decline in value.

Smaller coins have also been hard hit, losing around 54 percent of their value this year, matching a decline in stock prices linked to investor worries about rising interest rates and the increasing likelihood of a global recession.

According to Carlsen, a former FBI analyst who looked into North Korea, "converting to cash remains a fundamental prerequisite for North Korea if they wish to use the stolen monies." Most of the goods or commodities that North Korea wants to purchase are only available for sale in USD or other fiat currencies, not cryptocurrencies.

According to Arnold, Pyongyang has access to additional, more substantial sources of money. As recently as December 2021, U.N. sanctions monitors reported that North Korea continued to ship large quantities of forbidden goods, primarily coal, to China.


According to CNAS report author Jason Bartlett, North Korean hackers sometimes seem to wait out sharp drops in value or exchange rates before turning to cash.

This can sometimes backfire because it is difficult to forecast when a coin's value will rise quickly, and there have been multiple instances of severely depreciated cryptocurrency cash remaining in wallets connected to North Korea, the author wrote.

In recent months, there are indications that North Korea has resumed stepping up attacks on traditional banks rather than cryptocurrency, according to Sectrio, the cybersecurity branch of Indian software company Subex.

Since the cryptocurrency crash, "anomalous activities" have increased at the company's banking sector-focused "honeypots" (false computer systems designed to attract cyberattacks), as have "phishing" emails that attempt to trick recipients into divulging security information, according to a report released last week by Sectrio.

But according to Chainalysis, there hasn't been much of a shift in North Korea's cryptocurrency behaviour, and few observers believe the country will stop committing cryptocurrency thefts.

Bitcoin is now a target for Pyongyang's calculations about money laundering and sanctions evasion, according to Bartlett.

Reponsive Ads