Wednesday, May 29, 2024


Dhaka Tribune

How crypto heists help North Korea fund its nuclear program

  • North Korea’s cyberattacks funded a significant portion of its weapons programs, totaling around $3 billion in six years
  • The crypto industry is extremely concerned that hackers linked to North Korea are apparently carrying out virtual currency thefts effectively, and with impunity
Update : 27 Mar 2024, 03:24 PM

A new report by a United Nations panel set up to monitor North Korea’s compliance with international sanctions has claimed that Pyongyang continues “malicious” cyberattacks that have netted the regime around $3 billion in the six years to 2023.  

The proceeds have funded as much as 40% of the cost of its weapons of mass destruction programs, it added.

Analysts told DW that the crypto industry “is extremely concerned” that a powerful state actor is apparently carrying out virtual currency thefts effectively with impunity and that international law lags behind the rapid pace of development in the sector.

Similarly, they point out, the leaders of some of the nations that are most at risk of a cyberattack initiated by North Korea — notably South Korea, Japan and the United States — are presently preoccupied with serious political challenges that are taking up their time and energies.

The UN panel released its latest assessment of the state of North Korea’s cyber activities on March 20, noting that it is investigating 58 cyber hacks against cryptocurrency-related companies between 2017 and 2023 that the panel suspects originated in the North.

The report concluded that Pyongyang continues its worldwide assault on financial institutions in order to evade UN sanctions and to cover the considerable cost of developing nuclear weapons and long-range missiles.

Funding for weapons programs

“The malicious cyber activities of the Democratic People’s Republic of Korea (DPRK) generate approximately 50% of its foreign currency income and are used to fund its weapons programs,” the report said, referring to North Korea by its official name and citing information from an unnamed UN member state.

“A second member state reported that 40% of the weapons of mass destruction programs of the DPRK are funded by illicit cyber means,” the report stated.

Aditya Das, an analyst at cryptocurrency research firm Brave New Coin in Auckland, New Zealand, said the industry has been shocked at the continuing “reach and complexity” of the crypto hacking efforts of the Lazarus Group, widely understood to be the cover for North Korea’s state-run hacking team.

“The scale and quantity of the virtual currency thefts tied to the Lazarus Group — $615 million from Ronin Network, $100 million from Horizon, $100 million from Atomic Wallet — have been unprecedented,” he told DW, adding: “It seems that any large crypto entity managing large amounts of crypto is on their radar.”

Additionally, in between these large acts of theft, Lazarus appears to also be going after smaller groups and individuals “with their wide net and repeatable attack approach,” he said.

Deploying applications and tokens on the blockchain provides better access to security resources, and the quality of decentralized application audits and standards has improved significantly in recent years, Das said, although contract security expertise is still limited and therefore expensive.

“Another key attack vector to address is human error and phishing,” Das emphasized.

“Lazarus is known for its social engineering and phishing campaigns and they target employees of large organizations, send them emails and LinkedIn messages with trap door attachments.”

$615 million stolen from crypto firm

That is how hackers managed in April 2022 to access the Ronin Network, a sidechain linked to blockchain game Axie Infinity, with the company estimating that faked withdrawals cost it nearly $615 million. And the attack was a success for the hackers despite cryptocurrency firms impressing the importance of operational security on employees.

The security of the sector is also hampered by the decentralized, freewheeling, global nature of crypto, which makes it difficult for governments to regulate — and which users like.

“If possible, it would be good to see the actual criminals prosecuted as opposed to the applications they use,” said Das. “But we know how good North Korea is at hiding its tracks and denying hacking. So for now, if prosecution is not possible then prevention is the best option.”

Unfortunately, with the North pouring resources into its hacking teams because it is such a critical source of the funds the regime needs, Das said he expects more attacks to be similarly successful.

Hacking attacks pose more than the threat of ruin to financial companies, pointed out Park Jung-won, a professor of international law at Dankook University.

The North’s cyber teams are said to regularly test the defenses of South Korea’s government agencies, banking system, defense contractors and infrastructure, including the nation’s nuclear power sector.

“We are very familiar with the North’s illegal activities and the government and military have in recent years been paying much more attention and devoting additional resources to ensure the security of the nation,” he said.

Efforts are also underway to draw up laws for the sector that are accepted around the world, although there are serious hurdles that need to be overcome.

Cyberattack legislation

“We are trying to create legislation that will fight cybertheft, cyberterrorism and other similar violations, but specific standards are difficult to achieve because they need the consensus of all the states involved,” Park said. “Right now, there are lots of loopholes that bad actors, like North Korea, can take advantage of.”

It is difficult to reach agreement within South Korea about the laws that are needed to help fend off cyberattacks that threaten the nation, the legal expert said, with the ruling and opposition parties unwilling to be seen to agree on any issues less than a month ahead of the election.
