Pyongyang already has the 3rd largest stockpile of bitcoins on the planet
North Korean hackers have been operating in recent years to steal and accumulate billions of dollars in cryptocurrencies, placing the country in the ranking of nations with the largest reserves of digital tokens.
At the end of February, hackers belonging to the Lazarus Group – a known North Korean cryptocurrency theft network – managed to appropriate $1.5 billion (R$ 8.8 billion) in digital tokens from the cryptocurrency company ByBit, based in Dubai.
According to the company, the group managed to hack its Ethereum digital wallet, the second-largest cryptocurrency after Bitcoin. Binance News, a new platform operated by the cryptocurrency exchange company Binance, reported that North Korea has already accumulated another 13,562 bitcoins, equivalent to $1.14 billion (R$ 6.7 billion).
Bitcoin is the oldest and most popular cryptocurrency in the world, often compared to gold due to its supposed resistance to inflation. Only the U.S. and the U.K. have larger reserves than the North Koreans, according to the cryptocurrency platform Arkham Intelligence.
"Let's not mince words – (North Korea) achieved this through theft," says Aditya Das, an analyst at the cryptocurrency research firm Brave New Coin in Auckland, New Zealand.
"Global security agencies, such as the FBI, have publicly warned that state-sponsored hackers from North Korea are behind several attacks on cryptocurrency platforms."
Despite these warnings, crypto companies remain vulnerable to cyberattacks, which are becoming increasingly sophisticated, the analyst said.
"North Korea employs a wide range of cyber attack techniques but has become especially known for its skill in social engineering," explains Das, referring to the manipulation technique used to obtain private information by exploiting human errors.
"Many of their operations involve infiltrating employee devices and then using that access to breach internal systems (of companies) or set traps from within."
According to Das, the main targets of hackers are cryptocurrency startups, exchanges, and decentralized finance platforms (based on blockchains, which operate without intermediaries), due to their "security protocols that are often less developed."
"Extremely rare" to recover the amounts, says expert
Elite North Korean hackers tend to take time to infiltrate a legitimate global organization, often posing as venture capitalists, recruiters, or remote IT workers to build trust and breach the defenses of companies.
"One group, Sapphire Sleet, lures victims to download malware disguised as job listing apps, meeting tools, or diagnostic software – essentially turning the victims into their own attack vectors," explains Aditya Das, an analyst at the cryptocurrency research firm Brave New Coin.
After cryptocurrency is stolen, Das says that recovery is "extremely rare." Cryptocurrency systems are designed to make transactions irreversible, and counterattacking North Korean agents "is not a viable option because they are state actors with high-level cyber defenses."
Park Jungwon, a law professor at Dankook University, claims that North Korea in the past relied on risky transactions to obtain illicit funds. Now, however, cryptocurrency "has been a major opportunity" for North Korean leader Kim Jong-un.
"Given how the world was cracking down on smuggling from Pyongyang, cryptocurrencies saved the regime," Park assesses.