North Korea Turns to Crypto Theft to Fund Weapons Programs
By Christy Lee February 23, 2022
Experts say North Korea is exploiting the lack of global regulatory controls on cryptocurrency to steal digital currencies to fund its nuclear weapons and missile programs.
"Crypto provides Pyongyang with a new form of currency that is significantly less regulated and understood by national governments, financial institutions and international bodies," Jason Bartlett, a researcher at the Center for a New American Security (CNAS) told VOA's Korean Service.
North Korea stole more than $300 million worth of virtual assets between 2019 and 2020, according to a U.N. panel of experts monitoring sanctions quoted in a report submitted to the U.N. Security Council earlier this month.
In the confidential report obtained in part by CBS News, the panel estimated that North Korea‚Äčn cyberattackers stole about $2 billion, presumably including cryptocurrencies as well as other assets, to fund the nation's weapons programs in 2019.
North Korea has ratcheted up its missile tests recently, test-firing 11 missiles in January.
Cryptocurrency is a digital form of currency that is "nearly impossible to counterfeit," is generally not issued by any central authority, theoretically "making it immune to government interference or manipulation," and allows for cheaper and faster money transfers. It can also be converted to fiat money, which is "a government-issued currency that is not backed by a physical commodity, such as gold or silver, but rather by the government issuing it," according to Investopedia.
Unlike cash in the form of the U.S. dollar or another currency regulated by a country's central bank, there is no central authority governing cryptocurrencies in many countries, including the U.S. and South Korea.
"A major loophole in crypto regulation that North Korea is increasing efforts to exploit is decentralized finance, also known as DeFi platforms," Bartlett said.
Funding weapons programs under sanctions
The absence of centrally regulated oversight in DeFi platforms leads to a poor practice of know-your-customer (KYC) protocols that gather information on customers, making it easier for North Korean cybercriminals to disguise their identifies to steal crypto funds, Bartlett said.
DeFi is an emerging financial technology that "eliminates intermediaries by allowing people, merchants and businesses to conduct financial transactions," according to Investopedia. "This is accomplished through peer-to-peer financial networks that use security protocols, connectivity, software and hardware advancements."
Bitcoin was the first digital currency. It emerged in 2009, and by 2021, cryptocurrencies recorded more than $14 trillion in trading volume.
A high trade volume has spurred cryptocurrency's rapid technological innovations. Bartlett said global and regional regulatory bodies "cannot seem to keep up" with the rise of innovations, enabling Pyongyang to increasingly turn toward cryptocurrency exchanges and away from traditional financial institutions.
Mathew Ha, an analyst at Valens Global, a national security research institute, told VOA's Korean Service that the lack of oversight in cryptocurrency exchanges makes North Korea favor hacking digital exchanges over traditional financial institutions, such as the Bangladesh Bank, the country's central bank, where it attempted a billion-dollar heist in 2016.
"It is a bit easier [to hack cryptocurrency exchanges than banks] mainly because of the regulatory risks and the security options that a bank may have to make it harder for [hackers] to be able to penetrate," Ha said. "North Koreans are actively targeting cryptocurrency exchanges... [as] their sanctions resistance strategies."
VOA's Korean Service contacted North Korea's permanent mission to the U.N. to ask about the allegations of its involvement in cryptocurrency thefts but did not obtain a response.
New revenue source
A report by cybersecurity firm Chainalysis found the number of cryptocurrency hacks and the amount of funds stolen increased sharply since 2017, the year the U.N. placed multiple sanctions on North Korea.
Identifying North Korean cyberhacking as "advanced persistent threats (APTs)," the report by Chainalysis pointed out North Korea netted nearly $400 million worth of digital assets by launching seven attacks in 2021.
Fred Plan, senior analyst at Mandiant Threat Intelligence, a cybersecurity firm, told VOA's Korean Service, "The fact that the cryptocurrency has had a lot of public interest, a lot of hype and very, very high market volatility is what makes it interesting for North Korea."
Plan continued, "It's very low risk for North Korea [relative] to some other kinds of operations they're doing, but there's potentially high reward."
However, because cryptocurrencies are stored and their transactions are recorded in a digital ledger called a blockchain, digital currency hacks are traceable and could be preventable, Erin Plante, senior director of investigations at Chainalysis told VOA's Korean Service.
"Cryptocurrency is inherently transparent - it operates on public, immutable blockchain ledgers - and so cryptocurrency can be easier to trace than other forms of value transfer," such as cash, Plante said.
"[Cryptocurrency] exchanges are able to freeze funds that are known to be tied to criminal activity, if they have the proper compliance processes and transactions monitoring tools in place. In some instances, exchanges were able to prevent the hackers from depositing or trading the stolen funds on their platforms," continued Plante.
The Chainalysis report cites North Korea laundered more than $90 million in stolen crypto assets in 2021. In February of that year, the U.S. Justice Department indicted three North Korean military hackers for conducing cyberattacks to stealing more than $1.3 billion of money and cryptocurrency.
According to Ha, North Korea faces challenges when trying to cash in their cryptocurrency funds because it has to find a third-party intermediary to facilitate transactions. "They're using the same [money laundering] tricks all over again, but in a different medium," he said.
Young Gyo Kim contributed to this report.
|Join the GlobalSecurity.org mailing list|