A recent confidential United Nations report indicates that North Korea continued to advance its nuclear and ballistic missile program in 2021 using funding generated from stolen cryptocurrency. Reuters was given access to the report, which evidenced Pyongyang’s use of cyberattacks on crypto exchanges and investment companies as an essential source of revenue for the hermit kingdom.
The revelation, which is far from the first instance of cyberattacks emanating from North Korea, may nonetheless result in consequences for actors in the crypto ecosystem. Indeed, most governments have regulations regarding the funding of terrorism and money laundering. These nations agree that the funding of the Kim family’s nuclear ambitions is an issue of concern. Accordingly, the misappropriation and theft of Bitcoin — among other cryptocurrencies — may result in agencies responsible for anti-money laundering and counter-terrorism financing like FATF and FinCEN paying increased attention to cryptocurrency exchanges.
A History of State-Sponsored Criminality
Formally known as the Democratic People’s Republic of Korea (DPRK), North Korea is a known human rights abuser and banned by the UN Security Council from the production and testing of nuclear weapons and ballistic missiles.
Despite this, the DPRK sees nuclear deterrence as the best way to maintain its sovereignty. The past 30 years have seen numerous violations of this ban, resulting in harsh sanctions on the country since 2006. The resultant stagnation has caused near economic collapse and famine, and it has done much to stifle the DPRKs conventional military forces — which still rely on obsolete Cold War-era Soviet and Chinese weaponry. Much of this has fallen into disrepair, making North Korea’s nuclear program something of a strategic hail mary.
Consequently, maintaining its missile program has pushed North Korea to adopt some unconventional strategies to acquire funds. In the past, this has included the servicing of conventional arms for other pariah states, the use of smuggling, the production of narcotics, and, most recently, cybercrimes — in particular the use of ransomware and the occasional theft of cryptocurrency.
How Much Crypto Has North Korea Stolen?
The secretive and paranoid nature of the Kim regime and the party it heads make acquiring exact numbers difficult. For example, according to the BBC, between 2020 and 2021, North Korean hackers stole more than $50 million in digital assets. Conversely, a report from Chainalysis attests that the DPRK netted $400 million in crypto assets in 2021 alone, targeting exchanges in North America, Europe, and Asia. Both these numbers are different from a UN report filed earlier in the year placing the number at $300 million.
Indeed, it would seem that a very large amount of money is going towards something that negatively affects global stability. Regardless, it represents only a small portion of the DPRK’s ill-gotten resources.
In contrast to the impression given by a recent spate of alarmist headlines, digital asset theft represents only a small portion of funds gathered through cybercrimes. In fact, in 2019, the UN reported that the DPRK netted about $2 billion as a result of cybercrime, which mostly consisted of ransomware and phishing attacks.
Who is Fighting North Korean Cybercrime?
The UN report seen by Reuters was passed on to the committee responsible for enforcing sanctions following its release. Whether the DPRK’s actions attract further sanctions, and whether or not these sanctions prove more effective than their predecessors, remains to be seen.
On an individual basis, crypto users can protect their assets from DPRK thieves the same way they protect them from hackers of every variety — through the use of a hardware wallet.
On an institutional level, cryptocurrency and blockchain remain a relatively new and novel technology — and one that changes faster than governments can regulate it.
Despite this, FinCEN, the US government agency responsible for anti-money laundering (AML), has an admirable record of monitoring cryptocurrencies and North Korea’s illicit business practices. As FinCEN comprises part of the Treasury’s Office of Terrorism and Financial Intelligence, the use of cryptocurrency by the DPRK falls right into its wheelhouse.
The same thinking applies to similar agencies in other countries. Whether it be Japan, one of the DPRKs traditional enemies, or the UK, a UN Security Council permanent member and long-term US ally that recently increased its regulations in the crypto sphere, the world is generally aligned on the issue of North Korea.
North Korea has proven itself exceedingly adaptable and resourceful when skirting regulations and pursuing its nuclear ambitions. The addition of cryptocurrency theft to its already expansive toolbox of illicit money-making operations should not be a surprise. Despite this, it is a unique, if somewhat foreboding, look into cryptocurrency’s potential and impact.
Considering the potential consequences of nuclear proliferation in an outlaw state, the crypto industry and authorities are for once likely on the same page that making it more difficult for North Korea to build bombs — either through sanctions or increased regulation of exchanges with lax security — is probably a step in the right direction.