Introduction
North Korea’s launch of yet another intercontinental ballistic missile (ICBM) in February of 2023 displays unprecedented advancements in technological capability, defying expectations for a country under strong United Nations (UN) sanctions. North Korea has developed such capabilities in part by stealing billions in cryptocurrency. In 2022, North Korea executed more cryptocurrency theft and digital asset acquisition than ever before. North Korea’s targeted theft of cryptocurrency contributes to its foreign policy goal of ballistic missile proliferation, which would likely remain unattainable without comprehensive political and economic reform. The United States should deter North Korea by organizing a coalition and supporting the cyber defense capabilities of the states that are often targeted by North Korea’s cyberattacks.
The Development of North Korea’s Cyber Capability
Conventional assessments of North Korea often depict it as technologically underdeveloped and despotic, but such portrayals may oversimplify reality. The North Korean regime, compelled by a need for hard currency, began to develop modern cyber capabilities in the mid-1990s. Realizing the potential within the cyber realm to obtain intelligence from enemies and secure fiat currency to support its weapons programs, Kim Jong-il initiated cyber training at prestigious universities in Pyongyang. After finishing university, the trainees were sent overseas to earn money for the North Korean government. These trainees were tasked with pirating software and selling it to Chinese or South Korean customers. Ninety percent of the proceeds was siphoned off to the Kim Jong-il regime.
North Korean cyber capability transformed in 2009 with the establishment of the Reconnaissance General Bureau (RGB). The RGB is the North Korean government’s primary foreign intelligence agency and consolidates various government intelligence groups into a single intelligence agency. Entrusted with cyber intelligence collection and clandestine operations, the RGB has played a key role in orchestrating cyberattacks. Since 2009, the RGB has established multiple hacking groups, the most well-known being the Lazarus Group. Other groups include Andariel, BlueNoroff, ScarCruft, and Kimsuky. Talented cyber actors in these groups have illicitly acquired cryptocurrency through ransomware attacks, website breaches, and infiltrations into cryptocurrency exchanges. These funds are then funneled to the North Korean government and spent on weapons.
North Korea illicitly acquires cryptocurrency by hacking into cryptocurrency exchanges and pilfering cryptocurrency and other digital assets. Cryptocurrency exchanges serve as platforms for digital currencies with minimal oversight. The pinnacle of North Korea’s illicit cryptocurrency acquisition unfolded in 2022. A leaked UN report estimated that North Korea-linked cyber actors stole USD 630 million in digital assets that year. However, independent cybersecurity experts from Chainalysis found that North Korea-linked cybercriminals, most notably those associated with the Lazarus Group, had stolen an estimated USD 1.7 billion in 2022.
Also in 2022, North Korean hackers breached Harmony, a blockchain that facilitates the exchange of tokens, stablecoins (a cryptocurrency that is pegged to a reference asset such as USD), and non-fungible tokens (NFTs). This breach resulted in the theft of a staggering USD 100 million worth of cryptocurrency. The hackers used Uniswap, a decentralized exchange that enables direct peer-to-peer cryptocurrency transactions, to convert Ethereum-based assets into 85,837 Ether (ETH). Subsequently, this ETH was sent through “Tornado,” a cryptocurrency mixer service often used to obscure the origin and ownership of funds and launder the proceeds of a crime.
Cybersecurity firm Elliptic linked the attack to the Lazarus Group, noting that the methods employed to hack and launder the stolen funds bore the distinctive signature of the group. Early in 2023, the US Federal Bureau of Investigation released a detailed report confirming the involvement of the Lazarus Group in the theft of USD 100 million worth of Ether from Harmony’s Horizon Bridge, corroborating Harmony’s initial report made on June 24, 2022.
Cryptocurrency Theft to Achieve Foreign Policy Goals
North Korea, as highlighted by Kim Jong-un in his 2023 New Year’s Address, has a paramount policy objective: increase nuclear weapons production and develop new solid-fueled ICBMs as delivery systems. However, acquiring the fiat currency necessary to facilitate this pursuit has been difficult. Since 2006, North Korea has been subject to UN sanctions. Such sanctions have caused macroeconomic issues for North Korea.