New Report Blames N. Korean Cyberthreat Actors for Stolen Crypto Worth $3B Since 2017


(December 04, 2023) – Last week, Insikt Group, the threat research division of US-based private intelligence firm Recorded Future, released its latest report, which focuses on cyberattacks carried out against the global cryptocurrency industry by North Korean threat actors.

According to the analysis, a steady increase in the number of attacks against the global crypto industry since 2017 can be attributed to North Korean players. It goes on to state that these threat actors are responsible for the loss of approximately $3 billion worth of crypto, with $1.7 billion stolen in 2022 alone, while possibly funding up to half of the Hermit Kingdom’s ballistic missile programme.

In spite of the isolated nature of the country, North Korea is home to a highly trained cadre of computer science professionals with exclusive access to cutting-edge technologies, resources and information, which equips them with the skills needed to carry out cyberattacks against the cryptocurrency industry.

In order to facilitate the movement of billions of dollars’ worth of stolen cryptocurrency, the elite North Korean regime has developed an extensive money-laundering network. Unfortunately, state backing allows these operations to scale to unprecedented levels, well beyond what is possible for other cybercriminals.

The theft of cryptocurrency continues to be a major revenue source for the regime, particularly in funding its military and weapons programmes. Even though it is unclear how much of the stolen cryptocurrency actually goes into financing ballistic missiles, the sharp rises in stolen crypto and in missile launches are undeniable.

In the absence of strong regulations and investments in cybersecurity for cryptocurrency firms, North Korea will continue to target this industry as a lucrative source of revenue to bolster the rule of the regime for a long time to come, even while being under international sanctions.

Anyone operating in the cryptocurrency industry — individual users, exchange operators, and financiers with a portfolio of startups — should be aware of the potential to be targeted by North Korean threat actors. Entities operating in the traditional finance space should also be on the lookout for North Korean threat group activities. Once cryptocurrency is stolen and converted into fiat currency, North Korean threat actors funnel the funds between different accounts to obscure the source. Oftentimes stolen identities, along with altered photos, are used to bypass anti-money-laundering and know-your-customer (AML/KYC) verification.

All this activity puts anyone operating in the industry at risk of becoming a potential target of North Korean threat actors and allows the regime to continue operating and funding itself while under international sanctions.