North Korea: hub of crypto hacks

While scams and hacks are an integral part of the crypto industry, North Korea appears to have specialized in these shady schemes, seeing this financial sector as a way to increase its income to fund its armaments.

After the various troubling hacks that the cryptocurrency industry has witnessed in recent months, it seems increasingly clear that North Korea has created an army of hackers to unearth expensive treasures within crypto projects.

It has been well known for years that North Korea has wanted to specialize in hacking. Indeed, the country's name is generally mentioned in cases like this, and that has long gone beyond a desire to give this dictatorship bad publicity. The North Korean hacker group is known worldwide and is commonly referred to as the Lazarus Group.

After the Sony hack, which earned it a worldwide reputation, this group of experts turned its attention to the crypto sphere.

A crypto industry already in turmoil

While investors are currently going through a devastating and difficult bear market, they are trying to optimize and adapt their strategies as best they can to survive. However, the blow-up of stablecoins and the cascading problems experienced by CeFi platforms make things difficult for everyone, causing hundreds of thousands of users to lose their money.

Added to this are the North Korean hackers, who instill further fear by attacking various crypto projects and even centralized platforms. Victims of hacks have also failed to get their money back, despite their attempts. For example, no less than $625 million was stolen by the Lazarus Group from the Ronin Bridge.

For many blockchain experts, this group of criminals is also believed to be responsible for the recent Harmony Horizon Bridge hack, whose damage is estimated at $100 million.

Hacking in the cryptosphere seems to be a common pursuit for this group, but recently bridges also seem to have become a favored target for these hackers and look ripe for further attacks in the future.

For the crypto sphere, this matter is worrying because these hackers are already very successful and have several major heists to their credit, but mostly because they are supported by a government that pushes for results and oversees their training by sending them to China or Russia to prepare.

In recent years, North Korea has also invested heavily in providing resources to optimize the theft of cryptocurrencies. Now it is a powerful and persistent threat that is behind many of the biggest thefts to hit the crypto industry in terms of amount stolen.

According to Chainalysis, these hackers are behind many of these attacks. The group is currently still free to operate, and the attacks are said to be the result of decisions by the General Reconnaissance Office, the North Korean intelligence agency.

Hackers are already performing better than in 2021

According to reports from Chainalysis, a company specializing in the study of blockchain statistics, North Korean hackers stole as much as $400 million in 2021 through various attacks related to digital assets.

While the stolen sums increase every year, 2022 is already on track to set new records. Probably because of the language, projects emerging in Southeast Asia are the favorite victims of these hackers and will have to redouble their vigilance in the future to protect themselves. Between 2020 and 2021, the hackers had already seen their loot increase by 40%.

The nature of the stolen money is diverse, but a declining proportion is related to Bitcoin. While Bitcoin initially represented all stolen assets, especially when the number of cryptocurrencies in the market was lower, the Ethereum token now represents the bulk of the Lazarus Group's hacks (58%). Altcoins and ERC-20 tokens make up the rest of the stolen money.

Source: Chainalysis

The variety of stolen cryptocurrency also increases the complexity of the money laundering process.

Earlier money laundering

North Korea launders stolen cryptocurrency in several sophisticated ways, making increasing use of software that pools cryptocurrencies and covers countless addresses.

According to the Chainalysis article, the process that North Korea follows is:

  1. First, any stolen ERC-20 tokens or altcoins are exchanged for ether via a DEX for greater flexibility.
  2. The ether is mixed, usually in the Tornado Cash mixer.
  3. The mixed ether is then exchanged for bitcoin, again through a DEX.
  4. The BTC, in turn, is mixed.
  5. The mixed BTC is kept in new wallets.
  6. The bitcoin is then sent to deposit addresses associated with crypto exchanges in Southeast Asia. This move opens the possibility for North Korea to convert the BTC into fiat.

Some of its total assets come from thefts from 2020 or even 2021, but we can see that North Korea also has assets from hacks from 2016. The DPRK holds a huge amount dating back several years, again pointing to the difficulties that the hackers and the North Korean state have in exchanging their cryptocurrencies for fiat currencies.

A delicate bear market to negotiate for North Korea

While the return on investment is very favorable for the Asian country, the North Korean state has recently encountered difficulties in converting the money from digital assets into cash to reuse it in the service of its traditional economy and to finance its development programs. As the size of the hacks increases, the task also gets more complicated, leaving the stolen money trapped in cryptocurrency for some time and gradually losing value.

With the bear market raging since November 2021 and accelerating since May 2022, altcoins, like Bitcoin, have for the most part lost more than 70% of their value since November. For example, the funds most recently stolen by North Korea have largely declined in value. This casts doubt on their usefulness for financing armaments, both because of the time spent waiting to obtain the funds in fiat currencies and because of the “amounts received”, which ultimately turn out to be halved compared with what had been stolen.

Since international trade channels operate through holdings of US dollars or other major fiat currencies, the need to convert digital assets into fiat currencies is unavoidable.

North Korean funds therefore fell in line with the cryptocurrency market, and all funds that were not traded before the start of the bear market fell significantly. Reuters reports a drop from $170 million to $65 million due to cryptocurrency devaluation. Knowing that some hacks are older, it makes sense that some funds are still “positive”, but bear markets have reduced earnings relative to asset values at the time of the hacks.

Funds serving North Korean armaments

Pyongyang is also under scrutiny when it comes to using funds for the country’s nuclear weapons programs. Hence the importance of being able to get billions of dollars worth of cryptocurrencies from the internet, as the stolen funds make it possible to avoid international sanctions. Indeed, North Korea and the Lazarus Group, although widely suspected, have made no statement on the subject, nor any admission of guilt.

In total, according to another report from Chainalysis, more than $1.75 billion is said to have been stolen by the Lazarus Group and, excluding the revaluation or devaluation of these assets, made available to the North Korean government. However, it is clear that the slow pace of operations to convert cryptocurrencies into fiat currencies is a problem for North Korea, especially with regard to its weapons program and the deadlines it has to meet.

Nevertheless, this clearly remains an advantageous method of accessing new funds to put at the service of the military sector, as the return on investment associated with these hacks is highly beneficial to the North Korean regime.

In addition, the crypto-fiat conversion problem currently playing against North Korea could prove positive in the future. If the funds are released and then traded during the next bull cycle, the assets could very well be highly revalued upwards.

