North Korea’s Growing Crypto Hacking Threat Is Spiraling

The Democratic People’s Republic of Korea (DPRK) has sharpened its focus on cryptocurrency. It marks a significant shift in revenue generation strategies. Since 2017, DPRK’s threat actors have been actively targeting this industry to navigate stringent sanctions imposed on the country. 

Privileged Access: A Gateway for Cyber Attacks

Despite North Korea’s tight control over its population’s movement and access to global information, a select group within the regime enjoys privileged access. Recorded Future, a cybersecurity firm, highlights this aspect. The elite class, consisting of highly trained computer science professionals, leverages new technologies and information. This exclusive group benefits from access to resources and sometimes international travel, providing them with the skills to execute sophisticated cyber attacks, particularly against the cryptocurrency industry.

The U.S. Treasury Department’s recent sanctions against Sinbad, a virtual currency mixer linked to North Korea’s Lazarus Group, spotlight the regime’s evolving tactics. Lazarus Group is known for using such platforms to launder proceeds from their illicit activities.

These threat actors are estimated to have stolen crypto assets worth $3 billion over the past six years, with $1.7 billion reportedly plundered in 2022 alone. The majority of these stolen funds are believed to fuel North Korea’s weapons of mass destruction (WMD) and ballistic missile programs.

North Korea’s Influence on the DeFi Hacking Trend

Chainalysis, in its 2023 Crypto Crime Report, points out that $1.1 billion of the total theft is due to hacks of DeFi protocols. That firmly places North Korea among the key drivers of the DeFi hacking trend that surged in 2022. The U.S. Department of Homeland Security (DHS) also highlighted the Lazarus Group’s exploitation of these protocols earlier this September.

DeFi exchange platforms offer an ideal environment for DPRK cyber actors to maneuver and make tracking more challenging.

Tactics Employed by DPRK Hackers

State-sponsored North Korean cyber actors are technologically advanced and adept at social engineering. They often target employees of online cryptocurrency exchanges with the lure of lucrative job offers. Once they engage their victims, these hackers distribute malware that provides remote access to the company’s network.

This access enables them to drain assets and transfer them to DPRK-controlled wallets. It illustrates a sophisticated blend of technological prowess and psychological manipulation.