North Korea-Linked Hackers Steal Crypto to Fund Nuclear Weapons Programs
Introduction
A recent research study reveals that North Korea-linked hackers have been engaging in crypto theft to support the regime’s nuclear weapons programs. From January to August 18th of this year, these hackers successfully stole $200 million worth of cryptocurrency, accounting for more than 20% of the total stolen crypto in 2022. The rising number and size of cyber attacks appear to align with North Korea’s accelerated nuclear and ballistic missile programs.
Increase in Cyber Attacks
According to TRM Labs, a blockchain intelligence firm, there has been a significant rise in cyber attacks by North Korea against cryptocurrency-related businesses. This shift indicates that the regime may be increasingly relying on cyber attacks to fund its weapons proliferation activities, deviating from its ‘traditional revenue-generating activities.’
In a separate report, Chainalysis, a crypto research company, stated that most experts agree that the North Korean government is using the stolen assets to support its nuclear weapons programs.
Financial Sanctions and Crypto
The United Nations has imposed multiple sanctions on North Korea since its first nuclear test in 2006. These sanctions aim to restrict the regime’s access to funds necessary for its nuclear activities. Such sanctions include bans on financial services, minerals, metals, and arms. To counter these economic restraints, North Korea’s state-sponsored hackers are turning to crypto theft as a more efficient way of generating income.
The FBI recently warned cryptocurrency companies that North Korea-linked hackers are planning to “cash out” $40 million of stolen crypto. The agency has been actively working to disrupt North Korea’s theft and laundering of virtual currency, which supports the regime’s ballistic missile and Weapons of Mass Destruction programs.
Given the economic stress and international sanctions North Korea faces, these cyber attacks offer an effective means for the regime to generate revenue. Even if the stolen crypto doesn’t directly fund their nuclear program, it frees up additional funds to support the regime’s activities.
North Korean Hackers’ Tactics
North Korea-affiliated hackers exploit vulnerabilities in the crypto ecosystem in various ways. Examples include phishing and supply chain attacks, as well as infrastructure hacks involving compromises of private keys or seed phrases.
According to Chainalysis, 2022 has seen the highest number of crypto hacks ever recorded. In total, $3.8 billion has been stolen from crypto businesses, with a significant portion attributed to North Korea-linked attackers exploiting decentralized finance protocols.
A notable incident occurred in March last year when North Korea-linked hackers stole over $600 million worth of cryptocurrency assets from Ronin Bridge, which is linked to a popular blockchain game called Axie Infinity. The hackers obtained stolen private keys, granting them access to users’ funds.
Evolving Tactics
North Korea-affiliated cybercriminals have been reported to pose as recruiters, using social engineering tactics to gain access to targeted systems. They establish relationships with industry professionals and then exploit this access to carry out their attacks.
Authorities have responded by imposing sanctions against individuals and entities involved in helping North Korean IT professionals fraudulently obtain employment overseas and launder illicitly obtained funds back to North Korea. These cybercriminals often target employers in wealthier countries, utilizing various platforms, such as freelance contracting and payment networks.
To manage their digital payments and launder funds, North Korean IT workers use virtual currency exchanges and trading platforms.