In recent years, North Korean hackers have stolen the equivalent of billions of dollars, experts told DW.
At the end of February, hackers from the Lazarus Group, a notorious North Korean crypto theft group, stole a record $1.5 billion in digital tokens from Dubai-based cryptocurrency exchange Bybit. The company said the hackers had gained access to its digital wallet for Ethereum, the second-largest cryptocurrency after Bitcoin.
Binance News, a new platform run by cryptocurrency exchange Binance, reported last month that North Korea now has about 13,562 bitcoins, equivalent to $1.14 billion. Bitcoin is the world's oldest and most famous cryptocurrency, often compared to gold for its supposed resistance to inflation. Only the United States and the United Kingdom have larger reserves of the currency, Binance News reported, citing crypto data provider Arkham Intelligence.
"Let's not be silent - North Korea achieved this through theft," Aditya Das, an analyst at cryptocurrency research firm Brave New Coin in Auckland, New Zealand, told DW. "Global law enforcement agencies, such as the FBI, have warned that hackers sponsored by the North Korean state are behind numerous attacks on cryptocurrency platforms," he added.
Hackers use social engineering against crypto firms
Despite these warnings, crypto firms are still being robbed, and North Korean hackers are becoming more sophisticated, the analyst said. "North Korea uses a wide range of cyberattack techniques, but has become particularly known for its social engineering skills. Many of their operations involve hacking into employees' hardware, then using that access to breach internal systems or set traps from the inside," Das explained.
The hackers' primary targets are crypto startups, exchanges, and decentralized finance (DeFi) platforms because of their "often underdeveloped security protocols," he continued.
Recovery is "extremely rare"
Elite North Korean hackers tend to take their time when they infiltrate a legitimate global organization: They often pose as venture capitalists, recruiters, or remote IT workers. This is how they build trust while they break into companies' defenses.
"One group, Sapphire Sleet, lures victims into downloading malware disguised as job applications, dating tools or diagnostic software - essentially turning victims into their own attack vectors," Das says. Once cryptocurrency is stolen, recovery of the stolen funds is "extremely rare," the expert says. Cryptocurrency systems are designed to make transactions irreversible, and striking back at North Korean agents "is not a viable option because these are national players with top-notch cyber defenses," he adds.
Cryptocurrency thefts "save" Kim Jong-un's regime
Park Jung-won, a law professor at Dankook University, says that North Korea used to rely on risky deals - such as smuggling drugs and counterfeit goods or providing military instructors to African countries - to make money. But with the advent of cryptocurrency, the dictator has a new opportunity.
"It's probably not an exaggeration to say, given the lack of an adequate response to these thefts, that cryptocurrency saved the regime. Without it, they would have been completely without funds. They know this and have invested heavily in training the best hackers to reach very high levels of skill," Park told DW.
According to the professor, the money they steal goes directly to the government and is supposedly spent on weapons and larger military technologies, as well as on the Kim family.
North Korea is not yielding to international pressure
Park does not believe that external pressure will force North Korea to stop hacking. "For Kim, the survival of his dynasty is the most important priority. They are used to this source of income, even if it is illegal, and they will not change," the law professor said.
Aditya Das of Brave New Coin also agrees that there are few tools available to influence North Korea. The analyst advises companies to do everything in their power to avoid becoming the next victim. At the same time, he warns that cryptocurrencies remain "fragmented" because there is no universal security standard. North Korean hackers are also adept at turning security tools against their users, Das adds.
"In the case of Bybit, the attackers used Safe, a multi-signature wallet system designed to increase security. Ironically, this added layer of security turned out to be the very exploit they used," he said. In this regard, Das warns that as long as companies prioritize fast delivery over building secure systems, this space will remain vulnerable.
Author: Julian Ryall