North Korean hackers have reportedly stolen a total of $3bn in cryptocurrency since 2017, as revealed in a recent report by Recorded Future’s Insikt Group.
The revelation underscores the prolonged engagement of the regime in the cryptocurrency sector, transitioning from targeting financial institutions through the SWIFT network to a broader strategy during the 2017 cryptocurrency boom. Initially, the focus was on South Korea, but the attacks eventually expanded globally.
In 2022 alone, North Korean threat actors faced allegations of pilfering a substantial $1.7bn in cryptocurrency. This amount, representing 5% of the country’s recorded economy or 45% of its military budget, emphasizes the significant economic consequences of these cyber operations.
The funds acquired through illicit means undergo the typical laundering processes employed by conventional cybercriminal groups. This illicit revenue is critical for the regime, sustaining its financial resources despite international sanctions.
Backed by the state, North Korean threat actors engage in operations mirroring those of other cybercriminal groups but on a grander scale, accounting for 44% of the stolen cryptocurrency in 2022. Their targets reportedly extend beyond cryptocurrency exchanges to encompass individual users, venture capital firms and alternative technologies.
The siphoned cryptocurrency is frequently converted into fiat currency, with North Korean threat actors employing diverse tactics, including the use of stolen identities and manipulated photos. These methods are used strategically to elude anti-money laundering measures.
According to Recorded Future’s research, the regime considers cryptocurrency theft a significant revenue source, primarily funding military and weapons programs. The exact allocation for ballistic missile launches remains uncertain. However, there is a noticeable correlation between the increase in stolen cryptocurrency and the rise in missile launches.
The report underscores the need for stronger regulations, enhanced cybersecurity measures and increased investments in cryptocurrency firms’ cybersecurity.
“Without stronger regulations, cybersecurity measures and investments in cybersecurity for cryptocurrency firms, North Korea is likely to persist in targeting the industry for additional revenue,” Recorded Future wrote.
“Despite restrictions on movement and isolation of the general population, the regime’s elite and highly trained computer science professionals with privileged access to technology play a crucial role in conducting cyber-attacks against the cryptocurrency industry.”