It is a treasure that Pyongyang is discreetly building up. The latest cabinet report Chain Analysis reveals that North Korea is the country that stole the most cryptocurrencies in 2024. Of the 2.2 billion dollars stolen over the last twelve months, 1.34 billion was stolen by citizens of this state. A much higher loot than last year when they had embezzled “only” 660 million dollars.
These actions should be monitored closely. As early as 2022, the United Nations warned that some of the stolen cryptocurrencies were used to subsidize arms programs. According to the White Househalf of the North Korean missile manufacturing program is thus financed by cyberattacks and theft of cryptocurrencies.
This is all the more worrying as Kim Jong-un has moved significantly closer to Vladimir Putin since the start of the war in Ukraine. He sent 10,000 soldiers to Russia. And according to the Ukrainian president Volodymyr Zelenskyhe supplied “millions of artillery shells as well as missiles” to the Kremlin. “North Korea could be the match that triggers global chaos,” Robert A. Manning, researcher and former advisor to the American State Department, recently warned in a long interview given to L’Express.
North Koreans “infiltrated” into crypto companies
The North Koreans use various techniques to achieve their ends, for example by targeting the vulnerabilities of certain crypto infrastructures. This is how hackers were able to steal $305 million from customer accounts of the Japanese DMM Bitcoin. Amount that the latter then had to reimburse to the victims.
The hacks are sometimes facilitated by North Korean employees infiltrated in these same companies. The United States and many other countries are warning companies about the security and legal risks posed by recruiting citizens of this nationality. But tech companies that employ a lot of remote freelancers have trouble spotting them. Because the latter enter false names in their online profiles, use VPNs to hide their geographical position and sometimes produce false official documents – identity cards, etc. – which are very convincing. In other cases, they pay intermediaries of other nationalities to act as a front for them.
More and more skillful hackers
A long investigation of Coindesk revealed in October that more than twelve crypto companies had unknowingly recruited citizens of this country. Often, these infiltrators have the sole mission of landing a well-paid position and donating a large part of their salary to the regime. “Some find themselves in forced labor conditions,” points out one joint note from the FBI, the Department of State and the US Treasury. But North Korean hackers sometimes exploit the computer access these citizens obtain, to then break into the systems.
The number of successful crypto “heists” by North Korea has increased significantly, from 20 to 47 between 2023 and 2024, points out the Chainalysis report published on December 19. This acceleration is noticeable on the largest operations. While in 2023, an average of 220 days passed between two thefts of more than $50 million, this time is now less than a hundred days.
However, several measures can help companies in the crypto sector protect themselves from these attacks and, in particular, infiltration attempts. Among the signals that should alert, the FBI, the State Department and the US Treasury list “numerous connections to the same account coming from varied IP addresses, associated with different countries”, “developers continuously connected to their account for a day or even several” or even “technical configurations associated with the use of screen sharing tools”. It’s time to open your eyes.