The Hermit Kingdom has become adept at stealing cryptocurrency to fund its illicit weapons programs and access much-needed foreign currency
North Korea is capitalizing on its hacking prowess to pilfer huge sums of cryptocurrency that is often poorly protected and easy to launder. Chainalysis, a blockchain research firm, estimates that North Korean hackers stole US$840 million in cryptocurrency from January to May, roughly US$200 million more than they pilfered in 2020 and 2021 combined.
It seems that the tenacious North Korean regime is not deterred in the least by the crypto bear market that has wiped out more than 70% of digital assets’ market capitalization, which stands today at around US$1 trillion compared to about US$3 trillion a year ago.
"Crypto is arguably now essential to North Korea," Nick Carlsen, a former North Korea analyst at the FBI who now works for crypto security firm TRM Labs, told CNET. "By any standard, they are a crypto superpower."
While many cybercriminals steal crypto and use it for illicit purposes, North Korea’s crypto crime is especially worrying because Pyongyang is a nuclear-armed rogue state that is a perennial threat to peace and stability in Northeast Asia. The more funding it can raise for its illicit weapons programs, the better armed it will be.
While North Korea most immediately threatens South Korea and Japan, it claims to have the capability to strike the continental United States with intercontinental ballistic missiles (ICBMs). Thus far this year, Pyongyang has launched 41 ballistic missiles, six of them ICBMs. However, North Korea would be unlikely to strike the U.S. or its allies with one of those missiles because the U.S. has overwhelming military superiority.
Washington made clear the risks to Pyongyang of such an attack in a joint communique released by the US Department of Defense following Defense Secretary Lloyd Austin’s recent meeting with the South Korean defense minister, Lee Jong-sup. “Any nuclear attack against the United States or its allies and partners, including the use of non-strategic nuclear weapons, is unacceptable and will result in the end of the Kim regime,” Austin said.
It is more likely that North Korea would attack one of its neighbors with conventional weapons, as it did in 1950 when it invaded South Korea. To that end, Pyongyang in October launched a ballistic missile over Japan, prompting the Japanese government to order 5 million residents to seek immediate shelter.
It was the first North Korean missile to fly over or past Japan since 2017. Prime Minister Fumio Kishida condemned the missile test as a “barbaric” act.
Crypto lifeline
The largely unregulated and anonymous nature of cryptocurrency is providing a lifeline to the North Korean regime, which faces harsh U.S.-imposed financial sanctions that limit its ability to easily access foreign fiat currency. The sanctions have been in place since the mid-2000s, when the U.S. Treasury Department targeted obscure Macau-based Banco Delta Asia, which had long been a bank of choice for the North Korean regime.
Under Section 311 of the PATRIOT Act, the Treasury Department designated Banco Delta Asia as a “primary money laundering concern” and informed the bank it might be excluded from any dealings with the American financial system if it continued doing business with Pyongyang. Banco Delta Asia then froze more than 50 North Korean accounts with about US$25 million in deposits and subsequently severed its ties with North Korea.
Banco Delta Asia’s move had a knock-on effect throughout the global financial system. Within two years of the Treasury Department targeting the Macau-based lender, two dozen financial institutions had reportedly reduced or terminated their business with North Korea.
Yet with its increasing use of cryptocurrency, North Korea is now better able to evade the sanctions that prevent it from transacting in the U.S.-dominated global financial system.
After it steals crypto, North Korea usually finds brokers who are willing to convert the digital assets or buy them without asking any questions. It is essential that North Korea convert the stolen digital assets to cash because most of what it wants to buy is only sold in USD or other fiat currencies, not crypto.
In some cases, due to brokers taking big cuts, North Korea only gets one-third of the value of the funds it has purloined, but it has been stealing crypto in such large amounts that even a small percentage of the value can be significant. For instance, the North Korea-linked hacking collective Lazarus Group is likely responsible for a recent attack on the blockchain bridge Horizon, which crypto traders use to swap tokens between different networks, that resulted in the loss of US$100 million in cryptocurrencies. The hackers converted most of the funds to the cryptocurrency Ether and then began laundering the stolen money through Tornado Cash, a so-called “mixing service” that allows users to obfuscate the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds.
The South Korea connection
Crypto exchanges in South Korea play a crucial role in North Korea’s financial crime. Pyongyang uses South Korean exchanges to liquidate stolen crypto that it then transfers to a third country and later delivers back to North Korea. Chainalysis reckons that North Korean hackers have sent about US$52.5 million worth of cryptocurrencies to digital asset exchanges in South Korea since 2019 to evade sanctions or launder money.
North Korea has long been suspected of such illicit activity. This data should help verify the allegations and pave the way for South Korean authorities to take necessary measures that go beyond what they have done so far. Regulation that South Korea has introduced in the past two years to stymie illicit activity in the cryptocurrency sector, which includes the Special Financial Transaction Information Act and the Travel Rule, has not been effective in curbing North Korea’s crypto crime. The Travel Rule, for instance, has limited capability to stop transactions using identity theft or under a borrowed name – tactics commonly used by North Korean hackers.
Analysts warn that South Korea could ultimately be labeled a “playground” for DPRK hackers and suffer reputational damage or even be indirectly exposed to sanctions if it does not more effectively counter North Korean crypto crime. South Korea “may become a target of a secondary boycott in part because of the sanctions against North Korea, and may receive a negative appraisal as an uncooperative state in stopping money laundering,” Hwang Suk-jin, a professor of information security at Seoul-based Dongguk University, told crypto and blockchain media Forkast in a recent interview.