How crypto heists help North Korea fund its nuclear program
March 26, 2024
A new report by a United Nations panel set up to monitor North Korea's compliance with international sanctions claims Pyongyang continues "malicious" cyberattacks that have netted the regime around $3 billion (€2.76 billion) in the six years to 2023.
The proceeds have reportedly funded as much as 40% of the cost of its weapons of mass destruction programs.
Analysts told DW that the crypto industry "is extremely concerned" that a powerful state actor is apparently carrying out virtual currency thefts effectively and with impunity, and that international law lags behind the rapid pace of development in the sector.
Similarly, they point out, the leaders of some of the nations that are most at risk of a cyberattack initiated by North Korea — notably South Korea, Japan and the United States — are presently preoccupied with serious political challenges that are taking up their time and energies.
The UN panel released its latest assessment of the state of North Korea's cyber activities on March 20, noting that it is investigating 58 cyber hacks against cryptocurrency-related companies between 2017 and 2023 that the panel believes were undertaken by Pyongyang.
The report concluded that North Korea is continuing its worldwide assault on financial institutions in order to evade UN sanctions and to cover the considerable cost of developing nuclear weapons and long-range missiles.
Funding for weapons programs
"The malicious cyberactivities of the Democratic People's Republic of Korea (DPRK) generate approximately 50% of its foreign currency income and are used to fund its weapons programs," the report said, referring to North Korea by its official name and citing information from an unnamed UN member state.
"A second member state reported that 40% of the weapons of mass destruction programs of the DPRK are funded by illicit cybermeans," the report stated.
Aditya Das, an analyst at the cryptocurrency research firm Brave New Coin in Auckland, New Zealand, said the industry has been shocked at the continuing "reach and complexity" of the crypto hacking efforts of the Lazarus Group, widely understood to be the cover for North Korea's state-run hacking team.
"The scale and quantity of the virtual currency thefts tied to the Lazarus Group — $615 million (€568 million) from Ronin Network, $100 million from Horizon, $100 million from Atomic Wallet — have been unprecedented," he told DW, adding: "It seems that any large crypto entity managing large amounts of crypto is on their radar."
Additionally, beyond these large thefts, Lazarus also appears to be going after smaller groups and individuals "with their wide net and repeatable attack approach," said Das.
Deploying applications and tokens on the blockchain provides better access to security resources, and the quality of decentralized application audits and standards has improved significantly in recent years, Das said, although contract security expertise is still limited and therefore expensive.
"Another key attack vector to address is human error and phishing," Das emphasized.
"Lazarus is known for its social engineering and phishing campaigns and they target employees of large organizations, send them e-mails and LinkedIn messages with trapdoor attachments."
$615 million stolen from crypto firm
That is how hackers managed to access the Ronin Network in April 2022 — through a sidechain linked to blockchain game Axie Infinity — with the company estimating faked withdrawals cost it nearly $615 million. And the attack was a success for the hackers despite cryptocurrency firms impressing the importance of operational security on employees.
The security of the sector is also hampered by the decentralized, freewheeling, global nature of crypto, which users like but which also makes it difficult for governments to regulate.
"If possible, it would be good to see the actual criminals prosecuted as opposed to the applications they use," said Das. "But we know how good North Korea is at hiding its tracks and denying hacking. So for now, if prosecution is not possible then prevention is the best option."
Unfortunately, with the North pouring resources into its hacking teams because it is such a critical source of the funds the regime needs, Das said he expects more attacks to be similarly successful.
Hacking attacks pose more than the threat of ruin to financial companies, pointed out Park Jung-Won, a professor of international law at South Korea's Dankook University.
The North's cyberteams are said to regularly test the defenses of South Korea's government agencies, banking system, defense contractors and infrastructure, including the nation's nuclear power sector.
"We are very familiar with the North's illegal activities and the government and military have in recent years been paying much more attention and devoting additional resources to ensure the security of the nation," he said.
Efforts are also under way internationally to draw up laws regulating the sector globally, though there are serious hurdles that need to be overcome before that can happen.
Cyberattack legislation
"We are trying to create legislation that will fight cybertheft, cyberterrorism and other similar violations, but specific standards are difficult to achieve because they need the consensus of all the states involved," Park said. "Right now, there are lots of loopholes that bad actors, like North Korea, can take advantage of."
It is difficult to reach agreement within South Korea about the laws that are needed to help fend off cyberattacks that threaten the nation, the legal expert said, with ruling and opposition parties unwilling to be seen to agree on any issues less than a month ahead of the election.
"We know that the North has created and trained special hacking teams that are very sophisticated and have been given the sole task of attacking us," Park underlined. "We urgently need to respond to these challenges."
Edited by: Srinivas Mazumdaru