Cryptocurrency theft is one of Pyongyang’s regime’s most significant income streams, notably earmarked for financing military and weapon development programs. According to a UN panel of experts, money raised by North Korea’s criminal cyber operations are helping to fund the country’s illicit ballistic missile and nuclear programs.
Since 2017, North Korea has significantly increased its focus on the cryptocurrency industry, stealing an estimated $3 billion worth of cryptocurrency. Initially successful in stealing from financial institutions through the hijacking of the SWIFT network, North Korea shifted its attention to cryptocurrency during the 2017 bubble, starting with the South Korean market and later expanding globally.
In 2022 alone, North Korean threat actors were accused of stealing $1.7 billion in cryptocurrency, equivalent to 5% of the country’s economy or 45% of its military budget. As recently outlined in a confidential United Nations report, North Korean state hackers have been behind unprecedented levels of cryptocurrency theft, stealing between $630 million and more than $1 billion in 2022 alone, effectively doubling Pyongyang’s illicit profits from cyber theft compared to the previous.
Their cryptocurrency attacks started surging after the hack of South Korean exchanges Bithumb, Youbit, and Yapizon in 2017 when they stole crypto assets worth roughly $82.7 million. In the last two years, North Korean Lazarus hackers have been linked to crypto heists against the Harmony blockchain bridge ($100 million in losses), the Nomad bridge ($190 million in losses), the Qubit Finance bridge ($80 million in losses), and the largest crypto hack ever after breaching the Ronin Network cross-chain bridge and stealing $620 million.
This year alone, they’ve also allegedly stolen $200 million in multiple attacks, including from Atomic Wallet ($35 million), AlphaPo ($60 million in two separate attacks), and CoinsPaid ($37 million). North Korea has used various techniques to evade detection and attribution, such as using proxy servers, VPNs, TOR, and cryptocurrency mixing services.
The US Treasury Department has imposed sanctions on several North Korean hacking groups and cryptocurrency services for their involvement in acquiring intelligence and laundering funds that helped support North Korea’s weapons of mass destruction (WMD) programs. The US has also worked with other countries and private crypto-tracking experts to intercept some of the stolen cryptocurrency before the North Koreans try to convert it to the hard currency needed to buy weapons.
North Korea’s ability to exploit cryptocurrency and other tech firms to fund its weapons program is part of a regular set of intelligence products presented to senior US officials, including, sometimes President Joe Biden. The UN report also found that the humanitarian situation in North Korea was continuing to worsen, likely as a result of the country’s decision to close its borders during the pandemic.