How North Korea Funds Its Missiles With Cryptocurrency Theft

Few forms of celebration come as close to burning money as fireworks and missile tests. And for North Korea, big fan of both, the longer the better. In 2022, it launched more than 95 ballistic and cruise missiles, a new record. Above all, he likes to splurge on the biggest and flashiest rockets, like the ICBM he launched eastward into the sea on February 18.

Despite being unable to feed its population, North Korea has found innovative ways to fund its missile program, including counterfeiting currency, defrauding insurers, manufacturing and selling weapons and drugs. A new source of income is the stolen cryptocurrency. Last year, its pirates stole a record number of $1.7 billionaccording to a report published this month by Chainalysis, a New York-based data company.

Some of the North Korean flights are exorbitantly valuable. Last March, he stole an inter-chain bridge, a method of moving cryptocurrencies on the blockchain from one currency to another, associated with the game Axie Infinity. At the time it was discovered, the stolen currency was valued at over $600 million, making it the second largest cryptocurrency theft in history.

But as in all flights, the flight is only the first step. To launder their loot, North Korean hackers use all kinds of tricks, including dividing the money, moving it between different crypto wallets, converting it to different currencies, and passing it through mixers – large funds where cryptocurrency owners can deposit funds to hide their origin.

Some of the stolen crypto was used directly. In 2022, two South Koreans, including an army captain, were arrested on suspicion of selling secrets to the North in exchange for bitcoins. But North Korean hackers mostly try to convert loot into hard cash, either through a middleman or, more commonly, through a centralized exchange. The resulting fiat currency is then used to purchase items through established supply channels operated by shell companies and North Korean embassies abroad.

However, most operations of piracy there Whitening it is visible to expert eyes. “This doesn’t happen in some dark corner of the world,” says David Carlisle of Elliptic, another blockchain analytics company. “It happens in public in the block chain”. This helps investigators track funds and understand hacking methods, and they are doing better and better.

The United States has blacklisted crypto wallets associated with North Korean hackers. In May, he targeted Blender.io, a blender used in hacking Axie Infinity. In September, US investigators recovered $30 million in cryptocurrency stolen in this attack. Considering the drop in value of cryptocurrencies after the heist, this was around 10% of the total. On February 16, Norwegian authorities seized an additional $5.8 million.

But countries should take tougher action, says Allison Owen of the Royal United Services Institute, a London-based think tank. “Most hacks start with hacking attacks. Phishing relatively simple. Better regulation of the sector and cyber hygiene could help prevent them”.

Meanwhile, the cryptocurrency industry is improving its own vigilance. On February 14, two centralized exchanges, Binance there Houobifroze $1.4 million worth of cryptocurrency associated with a North Korean attack.

Hackers are adapting and improving too. “It’s kind of a mole game,” Carlisle said. Even if North Korean hackers could get their hands on just a fraction of the $1.7 billion they stole, it would have been worth it, says Dennis Desmond, a former US intelligence officer who now teaches at the Sunshine Coast University (Australia). “Everything is free cheese,” he says.

Mr. Desmond envisions an ongoing “arms race” in theft and anti-theft capabilities between hackers and cryptocurrency fighters. If crime fighters can get a grip, it could help stem the real arms race, ignited by a fire of ballistic missiles, unfolding on the Korean peninsula.

© 2023, The Economist Newspaper Limited. All rights reserved.

Continue reading: