How North Korea uses cryptocurrency thefts to finance its nuclear program

How North Korea uses cryptocurrency thefts to finance its nuclear program

On March 20, a UN panel published its most recent evaluation of North Korea's cyber operations. The panel said that it is looking at 58 cyberattacks targeting businesses involved in cryptocurrencies that occurred between 2017 and 2023 and that it thinks Pyongyang was responsible for. According to the report's conclusion, North Korea is carrying out its global attack on financial institutions to get around UN sanctions.

A recent assessment by a United Nations committee tasked with overseeing North Korea's adherence to global sanctions asserts that Pyongyang persists in its "malicious" cyberattacks, which have brought in the regime almost $3 billion (€2.76 billion) during the six-year period ending in 2023.

According to reports, the earnings have covered up to 40% of the expenses associated with its WMD projects.

According to analysts speaking with DW, the cryptocurrency business "is extremely concerned" about the seeming efficacy and impunity of a strong state actor stealing virtual currencies, and about the fact that international law is not keeping up with the industry's fast expansion.

In a similar vein, they note that the leaders of several of the countries most vulnerable to a cyberattack launched by North Korea, including South Korea, Japan, and the United States, are now concerned with important political issues that need their time and attention.

On March 20, a UN panel published its most recent evaluation of North Korea's cyber operations. The panel said that it is looking at 58 cyberattacks targeting businesses involved in cryptocurrencies that occurred between 2017 and 2023 and that it thinks Pyongyang was responsible for.

According to the report's conclusion, North Korea is carrying out its global attack on financial institutions to get around UN sanctions and pay for the hefty price of building nuclear weapons and long-range missiles.

money allocated to weapons projects

Using the official name of North Korea and citing unnamed UN member state information, the report stated that "the Democratic People's Republic of Korea (DPRK) uses its malicious cyberactivities to generate approximately 50% of its foreign currency income alongside fund its weapons programs."

"A second member state reported that 40% of the armaments of mass destruction programs of the DPRK are funded by illicit cybermeans," said the study.

The industry has been shocked by the Lazarus Group's ongoing "reach and complexity" in its cryptocurrency hacking efforts, according to Aditya Das, an analyst at the cryptocurrency survey company Brave New Coin in Auckland, New Zealand. The Lazarus Group is commonly believed to be the front for North Korea's state-run hacking team.

"The scale as well quantity of the virtual currency thefts tied to the Lazarus Group — $615 million (€568 million) coming from Ronin Network, $100 million from Horizon, $100 million from Atomic Wallet — seem to be unprecedented," he told Digital Trends, adding: "It seems that any enormous crypto entity managing large amounts of crypto is on their radar."

Lazarus also seems to be targeting smaller organizations and people "with their wide net and repeatable attack approach," according to Das, in addition to these significant thefts.

Although contract security knowledge is still scarce and hence costly, Das said that deploying apps and tokens on the blockchain improves access to security resources and that the quality of decentralized application audits and standards has increased dramatically in recent years.

"Another key attack vector to address is human error and phishing," Das said.

"Lazarus is known for its social networking and phishing campaigns because they target employees of large organizations, send them e-mails as well as LinkedIn messages with trapdoor attachments."

$615 million taken from a cryptocurrency company

Through a sidechain connected to the blockchain game Axie Infinity, that is how hackers gained access to the Ronin Network in April 2022. The business estimates that fraudulent withdrawals cost them close to $615 million. Additionally, despite bitcoin companies emphasizing to staff the value of operational security, the assault was successful for the hackers.

The decentralized, freewheeling, worldwide character of cryptocurrencies—which appeals to consumers but is difficult for governments to control—also compromises the sector's security.

"If possible, it would be excellent to see the actual criminals prosecuted as opposed to the applications they use," Das said. "However, we are aware of North Korea's prowess in disguising its cyber activities. Therefore, the best course of action at this time is prevention if prosecution is not feasible."

Regretfully, Das said he anticipates additional assaults to be equally effective since the North is investing a lot of money in its hacking teams because they are such an important source of the money the dictatorship requires.

According to Park Jung-Won, an international law professor at Dankook University in South Korea, hacking assaults threaten financial institutions with more than just financial disaster.

According to reports, the North's cyberteams routinely test the defenses of South Korea's infrastructure, including the country's nuclear power industry, government institutions, financial system, and military contractors.

"We are very familiar with the North's illegal activities and both the military and the government have in recent years been paying much more consideration and devoting additional resources to ensure the security of the nation," he said.

International efforts are also underway to draft legislation governing the industry worldwide, although significant obstacles must be cleared in order for this to occur.

Cybercrime Act

"We are trying to create legislation designed to fight cybertheft, cyberterrorism and other similar violations, but particular guidelines are difficult to achieve because they need the agreement of all the states involved," Park said. "Right now, there are a great deal of loopholes that bad actors, like North Korea, can take advantage of."

According to the legal expert, it is difficult to come to a consensus on legislation in South Korea about the measures required to protect the country from cyberattacks since both the government and opposition parties are reluctant to be perceived to be in agreement on anything less than a month before the election.

"We know that the North has created and trained specialised hacking teams that are very sophisticated as well as have been given the sole task of attacking us," Park said. "We must address these challenges immediately."