North Korea funded its nuclear and ballistic missile programs in part through multiple attacks on cryptocurrency platforms, reportedly to the tune of nearly AUD$620 million (US$400 million) in 2021.
The money is being used to further develop its capabilities to produce nuclear fissile materials, according to a confidential United Nations Security Council document, obtained by news agency Reuters.
"Maintenance and development of Democratic People's Republic of Korea's (DPKR) nuclear and ballistic missile infrastructure continued, and [it] continued to seek material, technology and know-how for these programs overseas, including through cyber means and joint scientific research," the UN report said.
Although there have been no reports of nuclear tests or launches of intercontinental ballistic missiles, the country is subject to sanctions aimed at limiting funding of its nuclear and ballistic missile programs.
According to sanctions monitors, there has been a "marked acceleration" in missile testing, even as the sanctions have been tightened to limit its access to funding sources.
Banner year for North Korean crypto attacks
North Korean cybercriminals had a “banner year” in 2021, launching at least seven attacks to gain custody of funds and then go through a careful laundering process to cover it up and cash out, according to a January report by blockchain data platform Chainalysis, referenced in the UN report.
“These attacks targeted primarily investment firms and centralised exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organisations’ internet-connected “hot” wallets into DPRK-controlled addresses,” the firm said.
The sophisticated attacks have even been labelled as advanced persistent threats (APTs) by some security researchers.
“This is especially true for APT 38, also known as ‘Lazarus Group’ which is led by DPRK’s primary intelligence agency, the US- and UN-sanctioned Reconnaissance General Bureau,” Chainalysis said.
If the name sounds familiar, it’s because Lazarus Group was behind the Sony Pictures and WannaCry cyberattacks, although it’s now focusing on crypto crime, according to Chainalysis.
North Korean-linked crypto attacks have been on the rise in recent years, growing from four to seven from 2020 to 2021, with the value of ill-gotten digital assets rising by 40 per cent.
"The most successful individual hacks, one on KuCoin and another on an unnamed cryptocurrency exchange, each netted more than $350 million (US$250 million) alone,” noted Chainalysis.
Complex web of crypto laundering
North Korea relies on a complex money laundering process using ‘mixers’, or software that pools and scrambles different cryptocurrencies from thousands of addresses.
Funds are swapped from one currency to another through a decentralised exchange and mixed and consolidated into new wallets and eventually cashed out through crypto-to-fiat exchanges.
In 2021, more than 65 per cent of North Korea’s stolen funds were laundered through mixers, up from 42 per cent in 2020 and 21 per cent in 2019, according to Chainalysis data.
Even with this, the country has massive unlaundered crypto funds, as much as $240 million (US$170 million) in current balances up to six years old.
It represents stolen funds from 49 separate North Korea-backed hacks from 2017 to 2021 that are yet to be laundered.
“Systematic and sophisticated, North Korea’s government, be it through the Lazarus Group or its other criminal syndicates, has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021,” the firm said.