How crypto crime is financing North Korean missiles

Cyber heists have totaled more than $1 billion over the last two years. While earlier this month, North Korea tested a ballistic missile capable of reaching the US mainland, prompting harsh condemnation from the G7 and the United Nations Security Council. And it’s all interconnected.

It was just the latest in a series of missile tests over the last 12 months and coincided with a threat from leader Kim Jong Un that the country was prepared to respond to US aggression with nuclear strikes.

North Korea isn't a rich country – and missile tests don't come cheap. But it's able to fund its program, in part, through crypto theft.

Attacks net millions

According to blockchain analysis firm Chainalysis, North Korean cyber criminals launched seven attacks last year, netting nearly $400 million in total – 40% more than in the previous year.

Alejandro Mayorkas, the US secretary of homeland security, puts the figure even higher, telling the House of Representatives that North Korea has carried out cyber heists of cryptocurrencies and hard currencies totaling more than $1 billion over the last two years.

This, he said, “largely funded its weapons of mass destruction programs.”

Mainly targeting investment funds and centralized exchanges, the attacks involved everything from social engineering and phishing to code exploits.

One major example was the breach of Ronin Network, a sidechain built for the play-to-earn crypto game Axie Infinity. Earlier this year, it was hacked by the notorious North Korean group Lazarus, which made off with $620 million of cryptocurrency.

While North Korea is currently by far the worst offender, other countries are launching state-sponsored crypto attacks too. In 2019, for example, FireEye concluded that hacking collective APT41 was attacking crypto firms on behalf of the Chinese government.

Meanwhile, the US Treasury warned earlier this year that Russia could target cryptocurrency companies in response to Western sanctions over the invasion of Ukraine.

Fighting the problem has two aspects: preventing breaches in the first place and recovering the funds. The latter is made easier by cryptocurrency's transparency, with traditional money laundering involving networks of shell companies and financial institutions in jurisdictions that may not be particularly keen to cooperate.

In September, Chainalysis announced that it had helped the FBI recover some of the funds stolen in the Axie Infinity hack – but only about 10%, with the remainder still sitting in cryptocurrency wallets under the hackers’ control.

"We have proven that with the right blockchain analysis tools, world-class investigators and compliance professionals can collaborate to stop even the most sophisticated hackers and launderers," it said.

Action on money-laundering

Earlier this month, the US and South Korea held a working group meeting at which they pledged to strengthen cooperation on the issue and said they were pursuing “a wide range of responses.”

They are calling for governments to raise awareness, share technical information and promote cyber security best practices. They also – far more crucially – want countries to strengthen their anti-money laundering measures.

One way in which hackers launder cryptocurrencies is through the use of 'mixers' – services that blend the funds of many users together to hide their origins and owners.

And just this month, mixer Tornado Cash was sanctioned by the US Treasury for, it says, laundering more than $100 million in cryptocurrency stolen by the Lazarus group on behalf of the North Korean government.

The Financial Action Task Force (FATF), an international body, recently warned that countries that fail to implement its anti-money laundering guidelines for cryptocurrencies could be added to a greylist, making them subject to increased monitoring.

However, the sheer number of cryptocurrencies, exchanges, and mixers makes the sector extremely hard to regulate, and, as with so many new technologies, crypto doesn't necessarily fit into existing regulatory structures.

"We continue to use multiple tools - both our intelligence cooperation to find activity, our sanctions designation to designate elements of cryptocurrency infrastructure that facilitate the movement of funds - as well as real efforts to improve the resiliency of banks and cryptocurrency infrastructure," says Anne Neuberger, US deputy national security advisor for cyber and emerging technologies.

North Korea’s growing use of crypto heists has also served to demonstrate the absence of meaningful international regulation of the same markets.

Experts are warning that the problem is likely only to get worse over the decade as crypto exchanges are increasingly decentralized and more goods and services –legal and illicit – are made available for purchase with cryptocurrency.

North Korean hackers can now “exploit new vulnerabilities in the latest blockchain technologies almost as quickly as they arise.”

While Washington has taken action against a handful of entities, including banks, exchanges, and crypto mixers, nothing it has done appears to have meaningfully hindered North Korea’s exploitation of the global proliferation of digital currencies.

“If we look back on sanctions in every other area of economics, they are highly matured markets that have clear regulation,” says Rohan Massey, partner at US law firm Ropes and Gray. “But crypto is a totally new asset. A lack of any real global understanding and jurisdictional regulation can be utilized quite easily.”

More from Cybernews:

WhatsApp data leak: 500 million user records for sale

RansomExx joins the ranks of ransomware gangs switching to Rust

UK bans Chinese cameras on government sites

Almost a thousand arrested over global $130m cyber fraud

Why individual arrests will not shut down LockBit

Subscribe to our newsletter