North Korea Has Been Attacking The Crypto Ecosystem At Alarming Speed And Scale
According to TRM Labs, and others – last year North Korea succeeded in stealing over a billion dollars from crypto services.
How Does North Korea (DPRK) Execute This? What Are The Geopolitical Ramifications?
What are the key aspects of North Korea’s crypto program?
- Financial Gain: One primary objective of North Korea’s crypto hacking operations is financial gain and an attempt to bypass sanctions to fund weapons proliferation.
- Advanced Cyber Tools: North Korea employs advanced cyber tools and techniques to carry out its crypto hacking operations. This includes spear-phishing campaigns, where carefully crafted emails are sent to targets to trick them into revealing sensitive information or executing malicious code. Additionally, the use of sophisticated malware, including remote access trojans (RATs) and cryptocurrency-stealing malware, helps facilitate unauthorized access and funds theft.
- Targeting Crypto Services: North Korea primarily targets cryptocurrency exchanges and the DeFi ecosystem which serve as lucrative targets due to their holdings of substantial amounts of digital assets. By infiltrating these services, hackers can directly steal cryptocurrencies or conduct attacks that compromise the integrity of the platform, resulting in widespread financial losses.
- Exploiting Weak Security Practices: North Korean hackers exploit security weaknesses within services, leveraging vulnerabilities in software, networks, or human factors. They carefully research and identify vulnerabilities and use them as entry points to gain unauthorized access to systems and carry out their attacks.
- Money Laundering: Once cryptocurrencies are stolen, North Korean hackers employ sophisticated money laundering techniques to obfuscate the origins of the funds. They may utilize mixers or tumblers to blend the stolen coins with legitimate transactions, making it challenging to trace the illicit activities. Funds may also be rerouted through multiple wallets and exchanges to further complicate the tracking process.
- Support from State Actors: It is widely believed that North Korean hacking groups operate with the support and protection of the state. They may receive guidance, resources, and safe havens, which enable them to carry out their operations with relative impunity.
- Proxy Networks: North Korean hackers often utilize proxy networks and compromised infrastructure from various countries to mask their identities and location. By routing their activities through these intermediaries, they create further challenges for attribution and investigation.
North Korea Is Engaged!
North Korea is engaged in a wide range of cryptocurrency crimes, including:
- Cryptocurrency theft: North Korea has been accused of stealing billions of dollars worth of cryptocurrency through hacking attacks. In 2021, the US Treasury Department attributed a $620 million hack of the Ronin Network to North Korea.
- Cryptocurrency laundering: North Korea uses cryptocurrency to launder money that it has obtained through other criminal activities, such as drug trafficking and counterfeiting.
- Cryptocurrency ransomware: North Korea has also been accused of using cryptocurrency to extort money from businesses and individuals. In 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that North Korea was using a ransomware called Maui to target businesses in the healthcare and telecommunications sectors.
North Korea’s use of cryptocurrency is a major challenge for the global financial system. Cryptocurrency is a borderless asset that can be easily moved around the world, sometimes making it difficult to track and trace. This makes it an attractive option for criminal nations like North Korea, who are looking to move money around without detection to fund their nation’s activities.
The international community is working to address the challenge of North Korea’s cryptocurrency crimes. In 2021, the Financial Action Task Force (FATF), an international body that sets standards for combating money laundering and terrorist financing, updated its guidance on virtual assets and VASPs (virtual asset service providers). The updated guidance includes specific measures that VASPs should take to prevent North Korea from using cryptocurrency to finance its illicit activities.
The FATF’s guidance is a positive step, but as it is an NGO it is important to note that it is not legally binding. This means that it is up to individual countries to implement the guidance into their own laws and regulations. As a result, it is likely that North Korea will continue to use cryptocurrency to finance its illicit activities for the foreseeable future.
Here are some of the things that can be done to combat North Korea’s cryptocurrency crimes:
- Increased international cooperation: The international community needs to work together to share information and resources to combat North Korea’s cryptocurrency crimes.
- Improved regulation of cryptocurrency exchanges and VASPs: Cryptocurrency exchanges and VASPs need to be regulated to ensure that they are not being used to facilitate North Korea’s illicit activities.
- Public awareness: The public needs to be made aware of the risks of cryptocurrency crimes and how to protect themselves.
How Does North Korea Use The Proceeds Of Its Efforts To Steal Cryptocurrency Worldwide?
North Korea, specifically its government agencies and affiliated hacking groups, has been accused of engaging in various cyberattacks and hacking campaigns targeting cryptocurrency exchanges, financial institutions, and individuals to steal cryptocurrencies. The stolen funds are believed to be used by North Korea for several purposes:
- Evasion of sanctions: North Korea is subject to extensive international sanctions due to its nuclear weapons and missile programs. By acquiring and utilizing cryptocurrencies, North Korea can potentially evade some of these sanctions by bypassing the traditional banking system and conducting transactions with greater anonymity.
- Financing weapons programs: It is suspected that some of the proceeds from cryptocurrency thefts are used to finance North Korea’s weapons development programs. This includes funding its nuclear and ballistic missile programs, which have been a significant concern for the international community.
- Supporting the regime: The funds acquired through cryptocurrency thefts may also be used to support the North Korean regime and its leadership. This can include funding government operations, maintaining the lifestyle of top officials, and investing in infrastructure projects that help consolidate the regime’s power.
- Money laundering and illicit activities: Cryptocurrencies provide a degree of anonymity, making them attractive for money laundering purposes. It is believed that North Korea may use stolen cryptocurrencies as a means to launder money and finance other illicit activities, such as smuggling, drug trafficking, and cybercrime. This also includes supporting its other cybercrime activities, including relationship scams.
It’s important to note that the precise details of how North Korea uses the proceeds of cryptocurrency thefts are challenging to ascertain due to the secretive nature of the country’s leadership and limited access to reliable information. The mentioned purposes are based on assessments made by cybersecurity experts and intelligence agencies.
What Agencies Of North Korea Are Involved?
The United Nations has accused North Korea of using government agencies, including the Reconnaissance General Bureau (RGB) and the Ministry of State Security (MSS), to steal cryptocurrency worldwide. The RGB is North Korea’s primary intelligence agency, while the MSS is responsible for domestic security.
In 2021, the United States Treasury Department imposed sanctions on a North Korean cryptocurrency exchange called “Hermit Kingdom”. The Treasury Department alleged that Hermit Kingdom was used to launder stolen cryptocurrency and finance the country’s nuclear weapons program.
The United States Department of Justice has also accused North Korea of stealing cryptocurrency from a number of companies and organizations. In 2022, the DOJ announced that it had seized $3.6 billion worth of cryptocurrency that was stolen from North Korea in a series of cyberattacks.
The use of cryptocurrency by North Korea is a growing problem. As the value of cryptocurrency continues to rise, so too does the incentive for criminals to steal it. North Korea is well-positioned to take advantage of this trend, as it has a sophisticated cyberwarfare capability and a lack of international financial oversight.
The international community is taking steps to address the problem of North Korea’s use of stolen cryptocurrency. In 2022, the United States Treasury Department issued guidance to financial institutions on how to identify and report suspicious cryptocurrency transactions. The United Nations Security Council is also considering new sanctions on North Korea that would target its use of cryptocurrency.
Despite these efforts, it is likely that North Korea will continue to use stolen cryptocurrency to fund its nuclear weapons program and other illicit activities. The country has a long history of evading sanctions, and it is likely to find new ways to use cryptocurrency to do so.
Here are some of the cyberattacks that have been attributed to North Korea:
- In 2017, North Korea was accused of stealing $81 million worth of cryptocurrency from the Ethereum blockchain. In 2017, the blockchain analytics company Chainalysis identified a group of hackers known as Lazarus as the perpetrators of the Ethereum theft. Lazarus is a North Korean hacking group that has been accused of carrying out a number of cyberattacks, including the WannaCry ransomware attack in 2017.
- In 2018, North Korea was accused of stealing $1.2 billion worth of cryptocurrency from the Binance exchange. In 2018, the blockchain analytics company CipherTrace identified North Korea as the likely perpetrator of the Binance theft. CipherTrace found that the hackers used a technique called “transaction mixing” to obscure the trail of their stolen funds. Transaction mixing is a process where cryptocurrency is sent through a number of different wallets in order to make it difficult to track.
- In 2019, North Korea was accused of stealing $400 million worth of cryptocurrency from a number of companies and organizations. According to a report by the blockchain analytics firm Chainalysis, North Korea stole an estimated $400 million worth of cryptocurrency in 2019.
- In 2020, North Korea was accused of stealing $2.3 billion worth of cryptocurrency from a number of companies and organizations. In 2020, the blockchain analytics company Elliptic identified North Korea as the likely perpetrator of a series of cyberattacks that resulted in the theft of $2.3 billion worth of cryptocurrency. Elliptic found that the hackers used a variety of techniques, including transaction mixing and social engineering, to steal the cryptocurrency.
The United States government has accused North Korea of using the stolen cryptocurrency to fund its nuclear weapons program. The United Nations Security Council has imposed sanctions on North Korea in an effort to prevent the country from developing nuclear weapons. However, North Korea has continued to develop its nuclear weapons program, and it is likely to continue to use stolen cryptocurrency to fund this program.
Tracing And Recovering Cryptocurrency Stolen By North Korea
It is possible to trace and recover cryptocurrency stolen by North Korea, but it is not always easy. Cryptocurrency transactions are recorded on a public ledger called the blockchain, which makes it possible to track the movement of funds. However, North Korean hackers are often very sophisticated and use techniques such as mixing and tumbling to obscure the trail of their stolen funds.
In some cases, law enforcement agencies have been able to trace and recover cryptocurrency stolen by North Korea. For example, in 2022, the United States Department of Justice announced that it had seized $3.6 billion worth of cryptocurrency that was stolen from North Korea in a series of cyberattacks.
However, in other cases, it has been more difficult to trace and recover cryptocurrency stolen by North Korea. For example, in 2017, North Korean hackers stole $81 million worth of cryptocurrency from the Ethereum blockchain. The hackers used a technique called “transaction mixing” to obscure the trail of their stolen funds, making it difficult for law enforcement to track them down.
The difficulty of tracing and recovering cryptocurrency stolen by North Korea is a major challenge for law enforcement agencies. However, there are a number of tools and techniques that can be used to make it more difficult for North Korean hackers to steal and launder cryptocurrency. These tools and techniques include:
- Blockchain analytics: Blockchain analytics companies (such as BIG, TRM, and Chainalysis) use sophisticated software to analyze blockchain data and identify suspicious transactions. This data can then be used to track down and recover cryptocurrency stolen by North Korea (or any other criminal.)
- International cooperation: Law enforcement agencies from different countries can work together to share information and track down cryptocurrency stolen by North Korea. This cooperation is essential, as North Korean hackers often operate across borders.
- Cryptocurrency regulations: Governments can regulate cryptocurrency exchanges and other businesses that deal in cryptocurrency. This regulation can make it more difficult for North Korean hackers to launder stolen cryptocurrency.
The challenge of tracing and recovering cryptocurrency stolen by North Korea is a complex one. However, the tools and techniques available to law enforcement agencies are constantly evolving. As these tools and techniques improve, it will become more difficult for North Korean hackers to steal and launder cryptocurrency.