North Korea Relies on Crypto Theft To Fund Growth

If the U.S. is to be believed, North Korea is supposedly behind some of the highest-profile crypto heists in recent months.

Pyongyang reportedly relies on these stolen tokens to fund its numerous missile tests and keep the country running amid sanctions imposed by the United Nations and pandemic lockdowns.

In March, the popular blockchain-based play-to-earn game Axie Infinity was hit by hackers who stole over US$620 million in assets. It’s said to be one of the biggest digital heists in history. And now the U.S. says that North Korean state-sponsored hackers were behind the attack, which, according to reports, could be true.

The New York Times says Pyongyang has long been engaged in illegal activity to secure the cash it needs. It has previously dealt in arms, trafficked drugs, counterfeited bills and hacked international banks. This time around, however, with its borders closed, it’s looking to cryptocurrency theft for funding.

The report further notes that it has allegedly stolen around US$571 million from cryptocurrency exchanges between January 2017 and September 2018 and US$316 million between 2019 and late 2020. Last year, the country reportedly stole about US$400 million in cryptocurrencies.

The problem with relying on this emerging technology for funds is that its value is never stable. The crypto market is, for instance, now experiencing a decline, with the likes of Bitcoin seemingly dropping in value each day. North Korea is believed to have held US$170 million worth of cryptocurrency at the end of last year, which it didn’t convert into cash. If that’s true, then those reserves are now only worth US$65 million.

Then again, if Pyongyang has one advantage here, it’s that transacting and stealing cryptocurrencies pose less of a risk than other illegal activities due to it being mostly unregulated.

"For North Korea, this is a low-cost, low-risk, high-reward criminal activity," Yoo Dong-yeol, a former Chief Counterterrorism Analyst at the South Korean National Police Agency, told The New York Times.

North Korea employs an army of tech-savvy loyalists to conduct its attacks and steal funds. South Korea estimates Pyongyang has about 6,800 cyber warriors under its government program, consisting of 1,700 hackers and 5,100 technical support personnel from seven different units.

These hackers typically use phishing attacks to deceive potential victims. They would, for example, put up fake LinkedIn job pages to trick internet users to part with sensitive information. The hackers would then use this to break into the victims’ wallets before transferring the funds through a "mixer". Their methods are said to be sophisticated to reduce the risks of being tracked.

"The way they launder money is very methodical," said Erin Plante, Senior Investigative Director at research group Chainalysis. "They were methodical, making small moves over a long period of time and eventually trying to evade the investigation."

They would later use offshore exchanges to convert crypto to renminbi, similarly hard-to-detect methods that leave no trace of their transactions.

Recently, Horizon, a platform that allows its users to swap tokens between different networks, was also targeted. The hackers managed to get away with over US$100 million in cryptocurrency. It’s been suggested that Lazarus Group, a hacking collective with strong ties to North Korea, was behind the attack.

• North Korea reportedly relies on stolen cryptocurrency to fund its numerous missile tests and to keep the country running amid sanctions imposed by the United Nations and pandemic lockdowns.

• The U.S. believes Pyongyang was behind the attack on the play-to-earn game Axie Infinity, where over US$620 million in assets were stolen.

• While the value of cryptocurrencies is volatile, the advantage of using them is that they're hard to track, allowing Pyongyang to hide its transactions and dealings.

• The state allegedly has an army of hackers conducting these high-profile cryptocurrency heists.