North Korean hackers have been reported to have stolen a staggering $3 billion in cryptocurrency since 2017, according to a recent report by Recorded Future’s Insikt Group. This revelation highlights the regime’s deep involvement in the cryptocurrency sector, transitioning from targeting financial institutions through the SWIFT network to a more widespread strategy during the cryptocurrency boom of 2017. Initially focused on South Korea, these attacks have since expanded globally.
In 2022 alone, North Korean threat actors are said to have stolen a significant $1.7 billion in cryptocurrency. This amount, equivalent to 5% of the country’s recorded economy or 45% of its military budget, underscores the substantial economic impact of these cyber operations. The illicit funds obtained through these means undergo typical laundering processes used by traditional cybercriminal groups, providing crucial financial resources for the regime despite international sanctions.
Supported by the state, North Korean threat actors conduct operations similar to those of other cybercriminal groups but on a larger scale, responsible for 44% of the stolen cryptocurrency in 2022. Their targets range from cryptocurrency exchanges to individual users, venture capital firms, and emerging technologies. The stolen cryptocurrency is often converted into fiat currency using various tactics such as stolen identities and manipulated photos to evade anti-money laundering measures.
Recorded Future’s research indicates that the regime views cryptocurrency theft as a significant revenue source, particularly funding military and weapons programs. Although the exact allocation for ballistic missile launches remains uncertain, there is a noticeable correlation between the increase in stolen cryptocurrency and the rise in missile launches.
The report emphasizes the necessity for stricter regulations, enhanced cybersecurity measures, and increased investments in cybersecurity for cryptocurrency firms. Recorded Future stated, “Without stronger regulations, cybersecurity measures, and investments in cybersecurity for cryptocurrency firms, North Korea is likely to continue targeting the industry for additional revenue.”
Despite restrictions on movement and the isolation of the general population, the regime’s elite and highly trained computer science professionals with privileged access to technology play a crucial role in carrying out cyber-attacks against the cryptocurrency industry. It is imperative for the industry to bolster cybersecurity defenses and regulatory frameworks to mitigate the ongoing threat posed by North Korean hackers.