Few forms of celebration are as close to burning money as fireworks and missile tests. For North Korea, a big fan of both, the more it burns, the better. It launched more than 95 cruise and ballistic missiles in 2022, a new record. It likes to splurge on the biggest, flashiest rockets, like the intercontinental ballistic missile it launched eastward on Feb. 18.
Despite being unable to feed its own people, North Korea has found innovative ways to fund its missile program, including falsifying foreign exchange, engaging in insurance fraud and manufacturing and selling weapons and drugs. A more novel source of income is stolen cryptocurrencies. North Korean hackers stole a record $1.7 billion in assets last year, according to a report this month from Chainalysis, a New York-based data firm.
Some of North Korea’s hacking thefts have been staggeringly large. Last March, it hacked a cross-chain bridge, a method of transferring cryptocurrency from one coin’s blockchain to another, associated with the game Axie Infinity. At the time of discovery, the stolen currency was worth more than $600 million, making it the second largest cryptocurrency theft ever.
But as with all heists, the theft is only the first step. To launder their loot, North Korean hackers used a variety of tricks, including separating the money, moving it between different crypto wallets, converting it into different coins and passing it through mixers, large pools in which crypto owners can deposit funds to conceal their origin.
Some stolen cryptocurrencies are used directly. In 2022, two South Koreans, including an army captain, were arrested on suspicion of selling secrets to North Korea in exchange for bitcoin. But North Korean hackers have mostly tried to turn the loot into cash through brokers or, more commonly, centralized exchanges. The fiat currency obtained is then used to purchase items through established procurement channels, which operate through front companies and North Korean embassies abroad.
However, most hacking and money laundering activities are visible to experts. “It’s not going to happen in some dark corner of the world,” said David Carlisle of Elliptic, another blockchain analytics firm. “It’s happening openly on the blockchain.” That helps investigators track funds and understand hack methods — and they’re getting better at both.
The United States has blacklisted crypto wallets linked to North Korean hackers. In May, it targeted Blender.io, the mixer used in the Axie Infinity hack. In September, U.S. investigators recovered $30 million worth of cryptocurrency stolen in that hack. Given the drop in value of cryptocurrencies following the heists, this accounts for about 10% of the total. On 16 February, Norwegian authorities seized an additional $5.8 million.
But Alison Owen of the Royal United Services Institute think tank in London argues that countries should take tougher measures. “Most hacks start with relatively simple phishing attacks. Better regulation of the industry and cyber hygiene can help prevent them.”
Meanwhile, the crypto industry is getting better at self-regulating. On Feb. 14, two centralized exchanges, Binance and Huobi, froze $1.4 million in cryptocurrencies linked to a North Korean hack.
Hackers are also adapting and improving. “It’s a bit of a game of whack-a-mole,” Mr Carlisle said. Dennis Desmond, a former U.S. intelligence officer who now teaches at the University of the Sunshine Coast in Australia, pointed out that even if North Korean hackers actually got their hands on only a fraction of the $1.7 billion they stole, it would all be worth it. “It’s all free cheese,” he said.
Mr Desmond foresees a continuing “arms race” between hackers and those fighting crypto crime in terms of theft and anti-theft capabilities. If the crime-fighters can gain the upper hand, it could help slow down the actual arms race, the one with ballistic missiles, on the Korean peninsula.