Seoul, June 29 (Reuters) - The crash in the cryptocurrency market has wiped out millions of dollars in funds stolen by North Korean hackers, four digital investigators said, threatening a main source of funding for the sanctions-hit country and its weapons program.
According to the U.S. Treasury Department, North Korea has recently devoted resources to cryptocurrency theft, making it a powerful hacking threat and leading to one of the largest cryptocurrency robberies on record in March.
A sudden plunge in the value of cryptocurrencies, which began in May as the economy slowed sharply, complicates North Korea’s ability to monetize that and other robberies and may affect its plans to fund its weapons program, according to South Korean government sources. The sources were not named due to the sensitivity of the matter.
North Korea has tested a record number of missiles, which Seoul’s South Korean Defense Analysis Institute estimates have cost as much as $620 million so far this year, and is preparing to resume nuclear testing in the midst of an economic crisis.
Old, unlaundered North Korean crypto holdings monitored by New York-based blockchain analysis firm Chainalysis, which include funds stolen in 49 hacks from 2017 to 2021, have dropped in value from $170 million to $65 million since the beginning of the year, the company told Reuters.
One of North Korea’s cryptocurrency caches from a 2021 robbery, which had been worth tens of millions of dollars, has lost 80% to 85% of its value in the past few weeks and is now worth less than $10 million, said Nick Karlsen, an analyst at TRM Labs, another US-based blockchain analysis company.
A person who answered the phone at the North Korean embassy in London said he could not comment on the crash because the allegations of cryptocurrency hacking were “totally fake news.”
“We didn’t do anything,” said the person, who identified himself only as an embassy diplomat. North Korea’s Foreign Ministry calls such claims US propaganda.
According to US officials, the $615 million attack on Ronin, a blockchain project that powers the popular online game Axie Infinity, was the work of a North Korean hacking operation called the Lazarus Group.
Karlsen told Reuters that the interrelated price fluctuations of the various assets involved in the hack made it difficult to estimate how much North Korea managed to keep from the robbery.
If the same attack happened today, the stolen Ether currency would be worth a little over $230 million, but North Korea exchanged almost all of it for Bitcoin, which had separate price fluctuations, he said.
“Needless to say, North Koreans have lost a lot of value on paper,” Karlsen said. “But even at low prices, this is still a big problem.”
The United States says Lazarus is controlled by the Korean People’s Army General Administration, North Korea’s main intelligence agency. It has been accused of being involved in the “WannaCry” ransomware attack, the hacking of international banks and customer accounts, and the 2014 cyberattack on Sony Pictures Entertainment.
Analysts are reluctant to provide details about the types of cryptocurrencies held by North Korea, which might give away investigative methods. According to Chainalysis, Ether, a common cryptocurrency linked to the open source blockchain platform Ethereum, made up 58%, or about $230 million, of the $400 million stolen in 2021.
Chainalysis and TRM Labs use publicly available blockchain data to track transactions and identify potential crimes. Such work is cited by sanctions monitors, and public contract records indicate that the two companies are working with US government agencies such as the IRS, FBI, and DEA.
Researchers say North Korea has been subject to widespread international sanctions over its nuclear program, limiting its access to world trade and other sources of income and making crypto robbery attractive.
“Basic” to the nuclear program
Cryptocurrencies are estimated to be a small part of North Korea’s finances, but Eric Penton Boke, coordinator of the UN Expert Committee that oversees sanctions, said at an event held in Washington, DC in April that cyberattacks were “absolutely the basis of Pyongyang’s ability to avoid sanctions and raise funds for nuclear and missile programs.”
In 2019, sanctions monitors reported that North Korea had generated an estimated $2 billion for its weapons of mass destruction program using cyberattacks.
North Korea spends about $640 million annually on nuclear weapons, according to one estimate from a Geneva-based international campaign to eliminate nuclear weapons. The country’s gross domestic product was estimated at about $27.4 billion in 2020, according to the Central Bank of South Korea.
Pyongyang’s official sources of income are more restricted than ever under a self-imposed border lockdown to fight COVID-19. China, its largest commercial partner, said in 2021 that it had imported over $58 million in commodities from North Korea, the lowest level of official bilateral trade in decades. Official figures do not include smuggling.
Aaron Arnold of London’s RUSI think tank said that because North Korea has to use brokers who are willing to convert or buy cryptocurrencies without asking questions, only a small portion of what it steals ends up in its hands. According to a February report by the Center for a New American Security (CNAS), in some transactions North Korea is estimated to get only one-third of the stolen currency.
After acquiring cryptocurrency by robbery, North Korea may find a broker who converts it into Bitcoin and buys it at a discounted price in exchange for cash, which is often held abroad.
“Like selling a stolen Van Gogh, you’re not going to get a fair market value,” Arnold said.
Conversion to cash
North Korean hackers have shown only “moderate” concern about hiding their role compared to many other attackers, according to the CNAS report. This allows investigators to follow digital trails and attribute attacks to North Korea, although rarely in time to recover the stolen funds.
According to Chainalysis, North Korea has turned to sophisticated ways of laundering stolen cryptocurrencies and is increasing its use of software tools that pool and scramble cryptocurrencies from thousands of electronic addresses, which are designators for digital storage locations.
The contents of a given address are often publicly viewable, so companies such as Chainalysis and TRM can monitor those that investigators have linked to North Korea.
Attackers have tricked people into granting access or hacked around security to siphon digital funds from Internet-connected wallets into North Korean-controlled addresses, Chainalysis said in a report this year.
According to Karlsen, the magnitude of recent hacks has reduced North Korea’s ability to convert cryptocurrencies into cash as quickly as in the past. This means that some funds are stuck even as their value declines.
Bitcoin has lost about 54% of its value this year, and smaller coins have also been hit hard, mirroring a fall in stock prices linked to rising interest rates and investor concerns about the potential for a global recession.
“If you want to use the money that North Korea stole, converting to cash is still an important requirement,” said Karlsen, who investigated North Korea as an FBI analyst. “Most of the commodities and products that North Koreans want to buy are traded only in US dollars or other fiat money, not cryptocurrencies.”
According to Arnold, Pyongyang has more reliable sources of funding. UN sanctions monitors said as recently as December 2021 that North Korea continues to smuggle coal, usually to China, and other major exports banned under a Security Council resolution.
North Korean hackers may appear to wait out a sharp drop in value or exchange rates before converting to cash, said Jason Bartlett, author of the CNAS report.
“It’s almost uncertain to predict when the value of a coin will rise rapidly, and this is sometimes because there are some cases of highly depreciated cryptocurrencies just sitting in a North Korean-linked wallet. It backfires,” he said.
Sectrio, the cybersecurity arm of Indian software company Subex, said there are signs that North Korea has begun to reinforce its attacks on traditional banks rather than cryptocurrencies in recent months.
The company’s banking-focused “honeypot” (a decoy computer system aimed at attracting cyberattacks) has seen an increase in “abnormal activity” since the cryptocurrency crash, and the number of “phishing” emails, which try to trick recipients into giving away security information, is also increasing, Sectrio said in a report last week.
However, Chainalysis said it has seen no major change in North Korea’s cryptocurrency behavior, and few analysts expect North Korea to give up on digital currency robbery.
“Pyongyang has added cryptocurrencies to its sanctions avoidance and money laundering calculations, and this will probably remain a permanent goal,” Bartlett said.
Report by Josh Smith. Edited by Gerry Doyle