18 Nov 2023

How North Korea makes a fortune stealing crypto

8:25 pm on 18 November 2023

By Matt Bevan and Yasmin Parry

In this handout photograph taken and released by the Government of the Primorsky region on September 17, 2023, North Korea's leader Kim Jong Un waves before boarding a train during a farewell ceremony at the end of his visit to Russia at the Artyom railway station near Vladivostok, in the Primorsky region.

Photo: AFP / HANDOUT

In March 2022, a senior software engineer at a gaming company in Singapore got a job offer.

It was good news because things weren't great at their current company, Sky Mavis, makers of the play-to-earn game Axie Infinity. The value of its in-game cryptocurrency had crashed.

The engineer went through the job application process before finally being sent a PDF with the salary details.

He clicked the link, but the job offer was fake.

North Korean hackers now had access to Sky Mavis's private keys - the access codes for the company's cryptocurrency account.

They stole around $600 million in cryptocurrency in one of history's biggest heists - not just of cryptocurrency, but of anything.

As international sanctions have cut into North Korea's ability to import and export things, it's been running lots of plots and schemes to get access to foreign currency.

But it's discovered that nothing compares to stealing cryptocurrency. And last year, stealing cryptocurrency was North Korea's primary form of foreign currency income.

Criminal money-making plots

In 2017, getting foreign currency became harder for North Korea than ever before.

Leader Kim Jong-un launched multiple intercontinental ballistic missiles, angering the international community, particularly US president Donald Trump, who started calling him "little rocket man".

Trump threatened multiple times to "totally destroy North Korea".

In response, the United Nations placed incredibly strict sanctions on North Korea, blocking almost all trade into and out of the country.

The aim was to cut off North Korea's access to foreign currency, which would make buying supplies for their nuclear weapons and missile programs much harder.

So, they've started turning to criminal plots and schemes to make money.

One method is trading coal, which North Korea has a lot of.

Coal ships travel out of North Korean ports full of North Korean coal, turn off their satellite navigation beacons, and disappear off the map.

A little while later, they pop back up on the map empty, even though they don't make port anywhere to unload.

Meanwhile, ships designed to carry oil leave North Korea empty, disappear, then reappear full of oil.

Careful investigation by UN experts found that they're not in fact travelling to Atlantis, they're sidling up to another ship and using their cranes and pipes to transfer coal and oil in a ship-to-ship transfer.

Speculation is they're sidestepping sanctions and trading coal and oil with Russia and China.

According to the United Nations, this trade is illegal.

More plots and schemes

This is just one of the illegal ways North Korea is making money. Another is smuggling.

North Korea has a history of selling illegal goods through their embassies.

Heroin, methamphetamines, gold bars and guns have been transported to North Korea's embassies on trucks, ships and through diplomatic mail.

It's been reported that embassies sell these things on the street to fill a quota - they all have to raise a certain amount of foreign currency each year to send home to Pyongyang.

North Korean citizens are also sent overseas to get jobs in high-paying industries, like the tech sector, then send their pay cheques home to the North Korean government.

Maintaining all these schemes is very hard work for Supreme Leader Kim Jong-un, and they're not very lucrative.

A hundred grand here, a hundred grand there. It's chump change for a guy trying to build a formidable nuclear arsenal.

Cryptocurrency is where North Korea makes the big bucks.

WannaCry: The biggest cyber attack in history

In 2017, North Korea's hackers made one of their first attempts to raise revenue from cybercrime.

They developed a virus called WannaCry that wormed its way through a security flaw in Microsoft Windows in the biggest cyber attack in history.

The list of victims was extremely broad. The attack hit Britain's hospital network, Germany's rail system and scores of companies and government agencies.

The attack wasn't as effective as it could have been, though.

British cybersecurity researcher Marcus Hutchins found that the hackers had inserted a "kill switch" into the code in case they wanted to stop the virus from spreading any further.

So he just, kind of, flicked that switch.

Plus, news got around that even if you paid the ransom, there was no guarantee that your files would be unlocked.

While hundreds of thousands of computers were infected, fewer than 500 ransom payments were made.

The North Korean hackers received about 51 Bitcoin, which, thanks to the outrageous volatility of Bitcoin, could have been worth anywhere between US$100,000 and US$3.5 million, depending on when the hackers sold it.

Either way, it's not a huge amount.

To make real money, North Korea has turned its attention to robbing crypto exchanges and taking millions of dollars at a time.

North Korea hits the big time

Most people trade their crypto using cryptocurrency exchanges that basically do the same things a bank does.

But as opposed to banks, crypto exchanges are unregulated and often have poor security measures.

While robbing a bank is risky, robbing a crypto exchange, it appears, is just a matter of sending an attractive job offer to a senior employee.

North Korea's hackers have been robbing crypto exchange after crypto exchange.

In 2022, North Korea's hacking gang was responsible for half of all cryptocurrency theft. Their haul was US$1.65 billion.

That's more than three times the amount made globally from ransomware last year.

It's nearly twice as much as they made from all other exports.

Yes - to be clear - last year, stealing cryptocurrency was North Korea's primary form of foreign currency income.

Kim Jong-un celebrated this windfall by doing as many missile launch tests in a single year as he had in the previous decade.

North Korea tested 121 rockets in 15 months.

Now there's speculation Kim is selling some of his weapons to Russia to assist Vladimir Putin's war in Ukraine. Another exciting revenue stream.

At the moment, there's no real plan to stop him. Crypto exchanges are still unregulated, insecure pots of money that he - or anyone else - can raid to pay for nuclear weapons.

- This story was first published by ABC.
