SEOUL, June 29 (Reuters) – The crash in cryptocurrency markets has wiped out millions of dollars in funds stolen by North Korean hackers, four digital investigators say, threatening a main source of funding for the sanctioned country and its weapons program.
North Korea has poured resources into stealing cryptocurrencies in recent years, making it a powerful hacking threat and leading to the largest cryptocurrency theft on record in March, with nearly $615 million stolen, according to the U.S. Treasury.
The sudden plunge in cryptocurrency values, which began in May amid a major economic downturn, complicates Pyongyang's ability to cash in on that and other heists and could affect how it plans to finance its weapons program, two South Korean officials said. The sources did not want to be named due to the sensitivity of the issue.
It comes as North Korea tests a record number of missiles – which the Korea Institute for Defense Analysis in Seoul estimates have cost $620 million so far this year – and prepares to resume nuclear tests amid an economic crisis.
Old, unlaundered North Korean crypto holdings monitored by New York-based blockchain analytics firm Chainalysis, which include funds from 49 hacks spanning 2017 to 2021, have seen their value drop from $170 million to $65 million since the beginning of the year.
One North Korean cryptocurrency cache from a 2021 heist, once worth millions of dollars, has lost 80% to 85% of its value in the past few weeks and is now worth less than $10 million, said Nick Carlsen, an analyst at TRM Labs, another U.S.-based blockchain analysis firm.
A man who answered the phone at the North Korean embassy in London said he could not comment on the crash because allegations of cryptocurrency hacking were “completely fake news.”
“We did nothing,” said the man, who would only introduce himself as an embassy diplomat. North Korea’s foreign ministry has called the allegations “US propaganda.”
U.S. authorities say the $615 million March attack on blockchain project Ronin, which powers the popular online game Axie Infinity, was the work of a North Korean hacking operation known as the Lazarus Group.
Carlsen told Reuters that the interconnected price movements of the various assets involved in the hack made it difficult to estimate how much North Korea was able to keep from that theft.
If the same attack happened today, the stolen ether would be worth a little over $230 million, but North Korea has swapped almost all of it for bitcoin, whose price has moved separately, he said.
“Needless to say, North Koreans have lost a lot of value on paper,” Carlsen said. “But even at disappointing prices, it’s still a huge journey.”
The United States has said Lazarus is controlled by North Korea's primary intelligence bureau, the Reconnaissance General Bureau. It is accused of being involved in the "WannaCry" ransomware attack, hacking into international banks and customer accounts, and the 2014 cyber-attack on Sony Pictures Entertainment.
Analysts are reluctant to elaborate on what kinds of cryptocurrency North Korea holds, since doing so could expose investigative methods. Ether, a common cryptocurrency associated with the open-source blockchain platform Ethereum, accounted for 58% of the $400 million stolen in 2021, or about $230 million, Chainalysis said.
Chainalysis and TRM Labs use publicly available blockchain data to trace transactions and identify potential offenses. Such work has been cited by sanctions monitors, and according to public contracting records, both firms work with U.S. government agencies, including the IRS, FBI and DEA.
North Korea is subject to extensive international sanctions for its nuclear program, giving it limited access to world trade or other sources of income and making cryptocurrencies attractive, investigators say.
'Fundamental' to nuclear program
Although cryptocurrencies are thought to be a small part of North Korea's finances, Eric Penton-Voak, a coordinator of the panel of experts monitoring UN sanctions, said at an event in Washington, D.C., in April that cyber-attacks had become "absolutely fundamental" to Pyongyang's ability to get around sanctions and raise money.
In 2019, sanctions observers reported that North Korea had earned an estimated $2 billion for its weapons of mass destruction program using cyber attacks.
The Geneva-based International Campaign to Abolish Nuclear Weapons estimates that North Korea spends about $640 million a year on its nuclear arsenal. According to South Korea's central bank, the country's gross domestic product in 2020 was estimated to be about $27.4 billion.
Pyongyang's official sources of revenue are more limited than before under the self-imposed border lockdown to deal with Covid-19. China – its largest trading partner – said in 2021 that it imported only $58 million worth of goods from North Korea, the lowest level of formal bilateral trade in decades. Official numbers do not include smuggling.
North Korea already gets only a fraction of what it steals because it must use brokers willing to convert or buy cryptocurrencies without asking any questions, says Aaron Arnold of the RUSI think-tank in London. A February report by the Center for a New American Security (CNAS) estimated that in some transactions, North Korea received only one-third of the value of the currency it stole.
After obtaining cryptocurrency in a heist, North Korea occasionally converts it into bitcoin, then finds brokers who will buy it at a discount in exchange for cash, which is often held outside the country.
“Like selling a stolen van Gogh, you’re not going to get a fair market price,” Arnold said.
Converting to cash
The CNAS report found that North Korean hackers show only "moderate" concern for hiding their role compared to many other attackers. This allows investigators to occasionally follow the digital trail and attribute attacks to North Korea, although seldom in time to recover stolen funds.
According to Chainalysis, North Korea has turned to sophisticated ways of laundering stolen cryptocurrencies, increasing its use of software tools that pool and scramble cryptocurrencies from thousands of electronic addresses – the designation for a digital storage location.
The contents of a given address are often publicly viewable, allowing firms such as Chainalysis or TRM to monitor addresses that investigations have linked to North Korea.
Attackers have tricked people into giving access, or hacked around security, to siphon digital funds out of Internet-connected wallets into North Korea-controlled addresses, Chainalysis said in a report this year.
The sheer size of recent hacks has strained North Korea's ability to convert cryptocurrencies to cash as quickly as in the past, Carlsen said. That means some funds have been stuck even as their value has dropped.
Bitcoin has lost about 54% of its value this year and smaller coins have also been hit hard, reflecting a slide in equity prices linked to investors' concerns about rising interest rates and the potential for a global recession.
“If North Korea wants to use the stolen funds, it is important to convert them into cash,” said Carlsen, who investigated North Korea as an FBI analyst. “Most of the goods or products that North Koreans want to buy are traded only in USD or other fiat, not in cryptocurrency.”
Arnold said Pyongyang has larger sources of funding on which it can rely. Observers of UN sanctions said, most recently in December 2021, that North Korea continues to smuggle coal – usually to China – and other major exports banned under Security Council resolutions.
Jason Bartlett, author of the CNAS report, says North Korean hackers are sometimes seen waiting out rapid declines in prices or exchange rates before converting to cash.
“This is sometimes reversed because there is very little certainty in predicting when the value of a currency will rise rapidly and there are several instances of high devaluation of crypto funds sitting in a North Korea-linked wallet,” he said.
Sectrio, the cybersecurity division of Indian software firm Subex, also said that North Korea has in recent months resumed attacks on conventional banks instead of cryptocurrencies.
The firm's banking sector-focused "honeypots" – decoy computer systems intended to attract cyber attacks – have seen "extraordinary activity" since the crypto crash, as well as "phishing" emails, which try to fool recipients into giving away security information, Sectrio said in a report last week.
But Chainalysis says it has yet to see a major change in North Korea's crypto behavior, and few analysts expect North Korea to stop stealing digital currency.
“Pyongyang has added cryptocurrency to its sanctions evasion and money laundering calculations and this will probably be a permanent goal,” Bartlett said.
Reporting by Josh Smith. Edited by Gary Doyle