The Democratic People’s Republic of Korea (DPRK) is a lot of things: repressive, nuclear-armed, and funded by illicit drug sales. But making methamphetamine is just one way North Korea makes money. On top of tourism dollars (which, yes, people do visit the most repressive country on earth every year), North Korea also funds its trades through illegal schemes. There’s almost nothing the Kim regime won’t do to make money, that even the harshest of sanctions can’t touch. Counterfeiting American dollars, Chinese yuan, selling weapons, and literally trafficking anything from wildlife to humans. In 2022, however, some of its biggest incomes came from stealing a record amount of cryptocurrency worldwide.
A recent United Nations report will reveal that the DPRK stole more cryptocurrency in 2022 than any other year since the rise of crypto as financial assets. The UN report is still labeled as confidential, though it has been leaked to Reuters reporters. Much of the stolen assets were lifted from aerospace and defense firms around the world.
“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” independent sanctions monitors reported to a U.N. Security Council committee.
The report was sent to the 15-member council’s North Korea sanctions committee early in February 2023 from its sanctions monitors. The same monitors accused the PRK of using similarly stolen money to fund the country’s nuclear weapons and missile development programs. North Korea’s cybercrime has netted the Kim regime around $1 billion in cryptocurrency, even after accounting for the fluctuations in crypto values.
“The techniques used by cyberthreat actors have become more sophisticated, thus making tracking stolen funds more difficult,” the report says.
Chainalysis, a U.S.-based blockchain analytics firm announced similar findings, but said the amount stolen by all cyberthieves was valued at as much as $3.8 billion. It also found that North Korea-linked criminal syndicates like the Lazarus Group had stolen $1.7 billion in crypto assets on their own. North Korea denies any involvement in hacking or cyberattacks.
“It isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy,” Chainalysis told Reuters.
American law enforcement agencies were able to recover some of the assets for the first time in 2022, but its recoveries, to the tune of $30 million, were a fraction of what was taken. North Korea’s intelligence agency, the Reconnaissance General Bureau, is believed to be leading the attacks on crypto assets.
According to the UN sanctions monitors, North Korea deploys malicious software through any means necessary, especially phishing attacks and ransomware, on organizations. Initial contacts are made through LinkedIn and other networking sites, which establish trust. The malware is then delivered via WhatsApp, according to the report.
Cryptocurrency theft is just the tip of the iceberg in North Korea’s illicit activities, and social media sites and apps are not limited to LinkedIn and WhatsApp. North Korean actors have been making contact through video games, and other international connections.
Although the report comes from the United Nations, it’s hard to prove North Korea is behind these kinds of attacks. Western agencies have little to no access to the country itself, and knowing the internal workings of the North Korean government is next to impossible. Much of the evidence of illicit activities comes from the reports of defectors and enemies of the regime.