North Korea (the Democratic People’s Republic of Korea “DPRK”) presents a fundamental and growing international security challenge – and now represents the most serious nation-state risk to the crypto ecosystem. Over the last two decades, the regime in Pyongyang has expanded its nuclear and ballistic missile programs; threatened South Korea, its neighbors, the United States, and political opponents; and accelerated its cyber capabilities and attacks against government agencies, banks, and the private sector.
As cryptocurrency has risen to prominence within the past decade, its widespread use has likewise created great potential for exploitation by malicious actors. With a cyber arsenal capable of reaching cryptocurrency platforms and users, North Korea has increasingly targeted virtual assets as a source of revenue for its regime. The United Nations Panel of Experts estimated that North Korea stole approximately $316.4 million in virtual assets between January 2019 and November 2020.
The decentralized nature of the cryptocurrency market is well-suited for a heavily-sanctioned and financially-isolated state like North Korea, especially given tighter trade restrictions and border closures during the COVID-19 pandemic. The ease of obscuring ownership of virtual assets and the lack of regulatory oversight make cryptocurrency all the more attractive for North Korea.
Elliptic, a blockchain analytics company, studied Cyber Crimes such as hacking and ransomware initiated from North Korea from 2017 to 2022, and coined it as an attack on “national strategy”. The report further quoted that Japan suffered losses of $721 million in those attacks, which was 30% of the world total of over $2.3 billion. Based on an estimate of $640 million of crypto lost in 2022. According to the United Nations, North Korean crypto theft reached a new high in 2022.
Further, Vietnam was the second-most attacked country, according to the report, losing $540 million in the period span. The United States was third with $497 million in losses, and Hong Kong trailed in fourth place with losses of $281 million. The report comes after Group of Seven finance ministers and central bank governors said in a statement on Saturday that they support measures to counter growing threats from illicit activities by state actors, such as the theft of crypto-assets.
North Korea employs two main types of cyberattacks which include hacking and ransomware. Elliptic’s analysis mostly uncovered hacking, stealing directly from cryptocurrency exchanges. Since it is uncertain whether a particular ransomware attack will be successful, North Korea is thought to be focusing its efforts on direct attacks on exchanges as one successful hack can bring in a huge haul of crypto assets.
It is difficult for North Korea to obtain foreign currency because of the international sanctions imposed on the country. Cyberattacks are thought to be a national strategy meant to make up for the loss of foreign exchange. It is crucial to note that, as per the Japan External Trade Organization, the $721 million stolen from Japan is 8.8 times greater than the value of North Korea’s exports in 2021. Also, it is pointed out by the researchers that the hackers have targeted Japan and Vietnam, since, cryptocurrency markets have expanded rapidly and lax taxation laws.
Task forces and combined efforts to discover and react to where the North Korean government and its proxies are operating in the crypto domain. Further, Blockchain analysts, compliance teams, regulators, virtual asset service providers, and law enforcement, among others, can help in tracking and tracing where actors are operating and where they may be infiltrating systems. Also, regulatory measures and sanctions to affect the misuse of cryptocurrencies can play a major role in eliminating the issue to a great extent.