North Korean hackers stole a record $1.7 billion worth of cryptocurrency last year

Few forms of celebration come as close to literally burning money as fireworks and missile tests.

Thomas Osborne
03 March 2023 Friday 22:24

Few forms of celebration come as close to literally burning money as fireworks and missile tests. And, for North Korea, a big fan of both, the more it burns, the better. In 2022, it launched more than 95 cruise and ballistic missiles, a new record. The country especially likes to splurge on the biggest, flashiest rockets, like the intercontinental ballistic missile that it fired east into the sea on February 18.

Despite not being able to feed its people, North Korea has found innovative ways to finance its missile program, such as counterfeiting foreign currency, fraud against insurance companies, or manufacturing and selling weapons and drugs. A more novel source of income is cryptocurrency theft. Last year, its hackers stole a record $1.7 billion, according to a February report by Chainalysis, a New York-based data firm.

Some of the North Korean thefts have been of exorbitant amounts. Last March, it breached the security of a cross-chain bridge (a method of moving cryptocurrency from one coin's blockchain to another) associated with the Axie Infinity game. When the heist was discovered, the value of the stolen currency exceeded $600 million, making it the second largest cryptocurrency heist in history.

However, as in any robbery, the theft itself is only the first step. To launder the loot, North Korean hackers employ all sorts of tricks, including dividing the money, moving it between different crypto wallets, converting it into different cryptocurrencies, and passing it through mixers (large digital pools where cryptocurrency owners can deposit funds to hide their origin).

Some of the stolen crypto is used directly. In 2022, two South Koreans (one of them an army captain) were arrested on suspicion of selling secrets to North Korea in exchange for bitcoins. Mostly, though, North Korean hackers try to convert the loot into cold hard cash, either through a broker or, more commonly, through a centralized exchange. The fiat currency obtained is then used to purchase items through established procurement channels, which are handled by shell companies and North Korean embassies abroad.

Despite everything, most of the hacking and laundering operation is visible to the expert eye. “It's not something that happens in some dark corner of the world,” says David Carlisle of Elliptic, another blockchain analytics firm. “It happens in full view of the public on the blockchain.” That helps researchers track funds and understand hacking methods, and they're getting better at both.

The United States has blacklisted crypto wallets associated with North Korean hackers. In May, it identified Blender.io, a mixer used in the Axie Infinity hack. In September, US investigators recovered $30 million in cryptocurrency stolen in that hack. Given the drop in the value of crypto after the heist, that represented about 10% of the total. On February 16, the Norwegian authorities seized another $5.8 million.

However, countries should take tougher measures, says Allison Owen of the Royal United Services Institute, a London-based think tank. “Most hacks start with relatively simple phishing attacks. Better regulation of the sector and better cyber hygiene would help prevent them.”

Meanwhile, the cryptocurrency sector itself is also improving its vigilance. On February 14, two centralized exchanges, Binance and Huobi, froze $1.4 million worth of cryptocurrencies associated with a North Korean hack.

Hackers also adapt and improve. “It's kind of a game of hit the mole,” says Carlisle. Even if the North Korean hackers managed to cash out only a fraction of the $1.7 billion they have stolen, their effort would have been worth it, says Dennis Desmond, a former US intelligence officer who now teaches at Australia's Sunshine Coast University. “Everything is free cheese,” he says.

Desmond envisions a continued "arms race" in theft and theft prevention capabilities between hackers and cryptocrime fighters. If the latter succeed, they would also help curb the real arms race, the one taking place on the Korean peninsula, illuminated by the glare of ballistic missiles.

© 2023 The Economist Newspaper Limited. All rights reserved

Translation: Juan Gabriel López Guix