North Korea Hacked Crypto Exchanges to Fund Its Missile Programs

Stolen cryptocurrencies are usually used to gain a personal advantage, but in the case of North Korea, the country is funding its nuclear programs.

A fresh UN report and a study by security firm Chainalysis confirmed that North Korea performed a series of cyberattacks in the last few years to obtain cryptocurrencies and continue developing its nuclear and ballistic missile infrastructure.

The Democratic People’s Republic of Korea (DPRK) has been under United Nations sanctions since 2006 in an attempt to prevent the Asian country from carrying out further nuclear missile tests.

In 2017, a stricter embargo was applied over the country’s nuclear and missile program, following reports that it had continued expanding its nuclear capacity.

To circumvent the sanctions and continue to collect funds, resources, and technology from countries like Iran, North Korea resorted to cyberattacks on centralized cryptocurrency exchanges and investment firms in North America, Europe, and Asia.

How Much Has Been Stolen So Far?

It is estimated that from 2019 to November 2020, around $316.4 million in crypto assets had been stolen, including a single hack in September 2020 in which $281 million worth of cryptocurrencies was stolen from an unspecified exchange. A second related hack of $23 million occurred in October of the same year.

The UN report, examined and documented by Reuters, states that $50M worth of cryptocurrency was stolen to fund the country’s missile program and nuclear weapon facilities between 2020 and 2021.

The Chainalysis study goes as far as to report $400M was the amount stolen during the same period.

How Was the Money Laundered?

The Asian country has apparently laundered stolen cryptocurrencies through Chinese over-the-counter brokers who exchanged them for fiat currencies, especially the US dollar. The UN reached these conclusions from investigations into activities carried out by the Reconnaissance General Bureau, North Korea’s intelligence agency, currently on the UN sanctions blacklist for cyberattacks.

The United States reported that DPRK had performed nine ballistic missile launches in January of this year, considered the most significant monthly number in the history of the country’s missile programs. Apparently, it also recently tested a developmental hypersonic missile and a submarine-launched missile.

The UN report revealed that DPRK's cyberattacks on cryptocurrency exchanges and investment businesses represented a crucial revenue source for Pyongyang.

Never Leave Your Cryptos in Hot Wallets!

The Chainalysis report investigated the different methods used by the hackers to siphon funds from crypto organizations. Many different techniques, including phishing lures, code exploits, and malware, were utilized to exploit companies' hot wallets and then move the stolen funds into North Korea-controlled addresses.

It is widely recommended to move large sums of cryptocurrency out of hot wallets because they are connected to the internet and therefore more vulnerable to hacking. Cold wallets are safer options because they can be used with no internet connection.

The Cybercriminal Lazarus Group

The Chainalysis report also revealed that the so-called Lazarus Group, a hacking group controlled by the Reconnaissance General Bureau, might be behind the cyberattacks.

The group is said to have operated since 2018, stealing and laundering more than $1.75 billion worth of cryptocurrency in the time it has been active, with much of the funds devoted to the DPRK’s nuclear program.

They stole cryptocurrencies from several exchanges, including UpBit in 2019, which gained them more than $49 million worth of cryptocurrency. KuCoin and another unnamed platform were also hacked in 2020, when $250 million was stolen in total.

The KuCoin Hack in 2020

KuCoin’s CEO revealed at the time that the hack occurred after cybercriminals gained access to the private keys of the exchange’s hot wallets. A thorough investigation concluded that Lazarus Group was behind the hack after analyzing the hackers’ use of specific money laundering tactics frequently used in the past. The strategy included utilizing a mix of different cryptocurrencies to obscure the trail back to the funds’ source and using DeFi platforms to launder a portion of the stolen funds.

DeFi platforms allow users to swap one type of cryptocurrency for another without a centralized custodial intermediary taking care of the users’ funds. This way, DeFi platforms don’t have to take KYC (Know Your Customer) data from customers, making it easier for cybercriminals to move funds with extra anonymity.

Another strategy applied by the group has been to increasingly use unique wallet and exchange deposit addresses to launder funds. By the end of December 2020, Lazarus Group had 2,078 separate cryptocurrency addresses, suggesting that it has progressively been spreading its funds around to mitigate the risk of any specific address being identified and frozen.

The UN Security Council suggested that the revenue generated from these hacks directly supports North Korea’s weapons of mass destruction and ballistic missile programs, thereby dodging international sanctions.

"Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out," the Chainalysis report added.

Final Thoughts

Between 2020 and 2021, the hackers used several different cryptocurrencies, including BTC, Ethereum, and privacy coins like Monero, which are more challenging to track down from blockchain data. Only 20% of the stolen funds were Bitcoin, 58% were Ether, while 22% were ERC-20 tokens and other altcoins.

While cryptocurrencies like Bitcoin are popular among enthusiasts for being uncensorable and unconfiscatable, DPRK’s use of digital assets is seen in the industry as a threat and a way to enable massive-scale crime.

On the other hand, blockchain’s transparency, which openly reveals movements of funds, offers a way to track down criminal activities more efficiently and an opportunity to get the funds frozen or seized, as recently happened with the Bitfinex hackers' episode.

Although authorities often regard cryptocurrencies as money laundering tools, it is fair to wonder whether holding bad actors accountable for their crimes has ever been more attainable.
