North Korean hackers stole a record $1.7 billion worth of crypto last year
Few forms of celebration are as close to literally burning money as fireworks and missile tests. And for North Korea, a big fan of both, the more it burns the better. It launched more than 95 cruise and ballistic missiles in 2022, a new record. And it loves above all to pounce on the biggest, flashiest missiles, like the intercontinental ballistic missile it fired eastward into the ocean on February 18.
Despite being unable to feed its people, North Korea has found innovative ways to finance its missile program, including forging foreign currency, committing insurance fraud, and making and selling weapons and drugs. A more recent revenue stream is stolen cryptocurrency. Last year, hackers snagged a record $1.7 billion of the stuff, according to a report published this month by Chainalysis, a New York-based computer firm.
Some of North Korea’s hacking thefts were eye-poppingly large. Last March, it tore down a cross-chain bridge, a method of moving cryptocurrency from one coin’s blockchain to another, associated with the game Axie Infinity. At the time it was discovered, the stolen currency was worth more than $600 million, making it the second largest crypto theft ever.
But as with all robberies, the robbery is only the first step. To launder the loot, North Korean hackers use all kinds of tricks, including splitting the money, moving it between different crypto wallets, converting it to different coins and putting it through mixers – large digital pools where crypto owners can deposit money to hide its origin.
Some of the stolen crypto was put to use directly. In 2022, two South Koreans, including an army captain, were arrested, suspected of selling secrets to the North in exchange for bitcoin. But North Korean hackers mostly try to turn the loot into hard money, either through a broker or more commonly through a centralized exchange. The fiat currency obtained is then used to purchase goods through established procurement channels, run through front companies and North Korean embassies abroad.
However, most of the hacking-and-laundering operation is visible to expert eyes. “This is not happening in a shadowy corner of the world,” says David Carlisle of Elliptic, another blockchain analytics company. “It happens publicly on the blockchain.” This helps investigators track funds and understand hacking methods – and they become better at doing both.
America has blacklisted crypto wallets linked to North Korean hackers. In May, it targeted Blender.io, a mixer used in the Axie Infinity hack. In September, US investigators recovered $30 million worth of cryptocurrency stolen in that hack. Given a drop in the value of cryptocurrency after the heist, it represented about 10% of the total. On 16 February, the Norwegian authorities seized another 5.8 million dollars.
But countries should take stricter measures, argues Allison Owen of the Royal United Services Institute, a London-based think tank. “Most hacks begin with relatively unsophisticated phishing attacks. Better industry regulation and cyber hygiene can help prevent them.”
The crypto industry, meanwhile, is getting better at policing itself. On February 14, two centralized exchanges, Binance and Huobi, froze $1.4 million worth of cryptocurrency linked to a North Korean hack.
The hackers also adapt and improve. “It’s a bit of a game with mules,” says Carlisle. Even if North Korea’s hackers could actually get their hands on only a fraction of the $1.7 billion they stole, it would all be worth it, notes Dennis Desmond, a former US intelligence officer who now teaches at the University of the Sunshine Coast in Australia. “It’s all free cheese,” he says.
Mr Desmond foresees a continued theft and anti-theft “arms race” between hackers and crypto-crime fighters. If the criminals could just get the upper hand, it could help slow down the very arms race, lit by a blaze of ballistic missiles, taking place on the Korean peninsula.