An official from the intelligence authorities announced on the 6th that North Korea identified about 160 billion won in cryptocurrencies owned by South Korean companies and hacked citizens last year. It is said that about 1/10 of the 1 trillion to 2 trillion won worth of cryptocurrency stolen by North Korea in cyberattacks around the world is linked to South Korea. South Korean and US intelligence authorities believe the stolen cryptocurrencies are being laundered and used as money for nuclear and missile development.
Chainalysis, an American blockchain analysis company, also revealed in its recently published annual report that a hacker organization linked to North Korea stole $1.65 billion (about 2.67 trillion won) of cryptocurrency through hacking last year alone . Last year, it accounted for 43.4% of the global cryptocurrency theft ($3.8 billion in total), and it increased almost four times from a year ago ($428.8 million). Given that North Korea’s total exports in 2020 were $142 million (about 177.9 billion won), cryptocurrency hacking is analyzed to account for a significant portion of North Korea’s economy.
North Korea’s hacking scale was around $1.5 million in 2016, but the amount increased significantly after UN sanctions against North Korea were implemented the following year. A diplomatic source said, “Hacking groups under the command of the General Intelligence Office have poured resources and capabilities, and as a result, their hacking capabilities have improved to the point where they are classified as ‘intelligent persistent threats (APTs)’ by all authorities intelligence.” In the industry, North Korea is said to be called a ‘crypto powerhouse’. This means that hacking in North Korea is common. North Korea’s focus on cryptocurrency hacking is said to be due to the fact that existing negative foreign currency earning methods such as drug deals and ‘super notes’ (highly detailed fake bills) are not working well as the sanctions network has become tighter and even. the borders are blocked due to corona.
In addition, unlike the rapid growth of the cryptocurrency ecosystem in recent years, the exchanges and related platforms are relatively weak in terms of security. The White House pointed out last month that “North Korea is extorting money by exploiting the weak cybersecurity of the entire cryptocurrency industry.” In particular, more than 80% of cryptocurrency thefts are carried out on decentralized financial protocols called ‘DeFi’. DeFi refers to a financial market where investors and exchanges provide direct financial transactions without institutional control such as the government or corporations. Recently, hacking accidents have occurred frequently, and it has been identified as a hotbed of cybercrime. A security industry official said, “It’s attractive to hackers because the code is publicly available.”
North Korea is pouring the stolen money into the development of weapons of mass destruction (WMD). Anne Neuberger, deputy adviser for cyber and emerging technologies at the White House National Security Council, said in July of last year, “We estimate that North Korea uses cyber technology to gain a third of its missile program money.” South Korea’s Ministry of Foreign Affairs also believes that the money secured by hacking cryptocurrency played a role in North Korea’s launch of more than 30 ballistic missiles at a cost of up to $650 million in the first half of last year.
However, North Korea is known to have difficulty converting the stolen digital currency into cash and is burdened with large amounts of money as brokerage fees. This is because the US Treasury Department has been sanctioning and freezing companies and electronic wallets linked to North Korean hackers since last year. Last year, the Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned mixing companies like ‘Blender’ and ‘Tornado Cash’, which make it difficult to track money by splitting and mixing cryptocurrencies, for helping North Korea. South Korea and the United States are expected to announce sanctions against North Korea in the field of cryptocurrency as soon as North Korea conducts a major provocation, such as the 7th nuclear test. In addition, although it is a symbolic measure, the government is also considering designating hacking groups linked to North Korea’s General Reconnaissance Bureau as subject to independent sanctions.