A recent study by Recorded Future’s Insikt Group reveals an escalating threat to the global cryptocurrency industry by North Korean cyberactors. Over the last five years, it is estimated that North Korea has illicitly amassed over $3 billion in cryptocurrency, half of which was stolen just in 2022. The study suggests that the state-backed cyber-banditry has been channeling funds into the rogue nation’s military and weapons programmes. In fact, the theft may fuel as much as 50% of North Korea’s ballistic missile program, causing global concern.
The clandestine cyber activities of North Korean threat actors are not just confined to audacious theft; they also encompass vast-scale money-laundering networks. These structures handle ‘cleaning up’ and utilising the stolen cryptocurrency, converting digital wealth into hard currency or procuring goods and services in support of the regime. Despite North Korea’s apparent global isolation, its elite and their computing specialists have regular and privileged access to emerging resources, technologies and information – enough to boost their cryptocurrency-focused cyberattacks.
The report conducted a comprehensive analysis of the strategies wielded by North Korean threat actors to stay undetected. Apart from targeting cryptocurrency exchanges, these cyber criminals have aimed at individual users, venture capital firms and companies dealing with cryptocurrency. Anyone or any entity within the industry is at potential risk of running afoul of these North Korean cyber attackers. Moreover, the stolen identities often serve to bypass anti-money-laundering (AML) and know-your-customer (KYC) verification, adding a layer of complexity to tracing these criminal activities.
The large-scale plundering of cryptocurrency has clearly become a significant revenue stream for the North Korean regime, in particular for funding its military and weapons programmes. The increasing link between stolen cryptocurrency and the country’s blatant missile launches cannot be dismissed. With every successful heist, North Korea gleans more resources to stave off international sanctions and continue its contentious operations.
Without a pronounced and aggressive development in regulations, cybersecurity requirements, and investments in cybersecurity for cryptocurrency firms, North Korea is expected to continually exploit the cryptocurrency industry to buttress its regime. Awareness of the potential danger posed by North Korean threat actors is crucial, not just for those operating in the cryptocurrency industry, but also entities in the traditional finance space.
The research also incorporated a number of mitigation strategies for individuals and companies within the cryptocurrency sphere. This includes enabling Multi-Factor Authentication (MFA) for software wallets and transactions, verifying the legitimacy of requested transactions, using hardware wallets for added security, resisting pressure tactics among others. These strategies aim to fortify cryptocurrency operators against such malicious cyber activities.
The report, ‘Crypto Country: North Korea’s Targeting of Cryptocurrency’, offers alarming insights into a situation that threatens to impact the global economy and geopolitical stability. Firms, governments and individual cryptocurrency holders would do well to pay heed to its implications.
About Author
