North Korea’s Crypto Crime Wave: A Billion-Dollar Threat

North Korean hackers have reportedly pulled off a number of brazen cybercrimes that have netted them an astonishing amount of cryptocurrency, raising concerns about the security of the digital asset market and about the growing cyber threat from government-backed entities. Experts estimate the magnitude of these heists to be staggering and warn that North Korea is using the proceeds to fund its weapons programs, which poses a dangerous and highly convoluted geopolitical dilemma.

A Staggering Fortune: North Korea’s Bitcoin Stash

According to Binance News, North Korea is estimated to possess 13,562 Bitcoins, valued at approximately 1.14 billion dollars. This estimate places North Korea’s Bitcoin reserves as the third largest in the world, only preceded by the USA and Great Britain, as reported by crypto data provider Arkham Intelligence.

The Lazarus Group: Masters of Crypto Theft

Brave New Coin cryptocurrency analyst Aditya Das did not hold back in explaining the origin of North Korea’s crypto wealth: “Let’s not mince words—[North Korea] achieved this through theft.” Many believe these crimes were carried out by the well-known North Korean state-sponsored hacking group, the Lazarus Group.

Bybit Heist: An Unprecedented Attack

At the end of February, the Dubai-based cryptocurrency exchange ByBit suffered a $1.5 billion (approximately €1.37 billion) theft at the hands of the Lazarus Group. This single incident demonstrates both the level of sophistication the group has reached and the scale of financial damage it can inflict. Reportedly, the hackers were able to gain access to ByBit’s wallet for Ethereum, the second-ranked cryptocurrency worldwide.

Attacks of Such Nature: Social Engineering and External Access

“A plethora of techniques that North Korean hackers are known to use includes social engineering.…” Das explains the breadth of social engineering. “A multitude of them are based on gaining physical access to employees’ devices and from there deploying heists that breach their networks.”

The Current Weak Spot: Crypto Startups and DeFi

Most of the time, the victims of these data thefts are crypto-related startups, virtual currency exchanges, or platforms connected with decentralized finance. These firms are targeted because they are perceived as weak due to their ‘university-level’ security infrastructure, which leaves them susceptible to highly advanced hackers.

The Difficulty of Recovery: A Grim Reality

Das highlights a grim reality: recovering stolen cryptocurrency is “extremely rare.” The decentralized nature of cryptocurrency systems means that transactions cannot be undone, and retaliating against North Korean operatives is “not a viable option because these are nation-state actors with top-tier cyber defenses.”

A Lifeline for Pyongyang: Funding Weapons Programs

Park Jung-won, a law professor at Dankook University, asserts that cryptocurrency theft has emerged as an increasingly important revenue stream for the North Korean regime. Park claims that crypto has “saved” Kim Jong Un’s regime, allowing it to continue funding its weapons programs. He points out that the stolen funds are initially meant for the state and are eventually diverted to military spending and the personal enrichment of the Kim family.

No End in Sight: A Persistent Threat

Park Jung-won is pessimistic about whether international scrutiny can force North Korea to refrain from hacking. He argues that the regime’s central focus is its survival, and that it has become dependent on the revenue from cryptocurrency theft.

A Call for Stronger Defenses: Protecting the Crypto Space

Das points to the cryptocurrency industry’s “best practices like secure-by-design smart contracts, internal verification, and constant social engineering awareness” as the way to defend against sophisticated attacks. He advocates for information sharing within the industry to better identify and counter North Korean tactics.

The Fragmented Landscape: A Security Challenge

Das warns that the cryptocurrency space is still “fragmented,” with no unifying security architecture. He cites the Bybit hack, in which attackers abused the multi-signature wallet system Safe to bypass its purported security features, as an example of how even security tools can become targets and be weaponized. He believes many firms still treat security as secondary to speed of development.

An Urgent Security Imperative

North Korea’s cryptocurrency theft escalates the threat to the digital asset ecosystem. The extent of the financial losses, the increasing sophistication of the attacks, and the potential links to weapons funding make it imperative for the industry to adopt stronger measures and to collaborate in countering state-sponsored cybercriminals.

IMPORTANT NOTICE

This article is sponsored content. Kryptonary does not verify or endorse the claims, statistics, or information provided. Cryptocurrency investments are speculative and highly risky; you should be prepared to lose all invested capital. Kryptonary does not perform due diligence on featured projects and disclaims all liability for any investment decisions made based on this content. Readers are strongly advised to conduct their own independent research and understand the inherent risks of cryptocurrency investments.
