Research firm estimates that North Korean crypto hackers have already made off with over $2 billion this year, reckons the regime has stolen over $6 billion in total
They're just living their best Juche life.

North Korea has long been accused of being a major state sponsor of cybercrime. The isolated authoritarian regime uses hacking groups, including the infamous Lazarus Group, to target both large crypto companies and wealthy individuals, with the proceeds being used to prop up a country that, by any metric, is an economic basket case: the United Nations estimates such activity now accounts for 13% of North Korea's GDP.
An increased focus on targeting individuals with large crypto wealth has seen North Korean hackers make off with more than $2 billion so far this year alone, according to investigators at Elliptic, a research firm dedicated to identifying and stopping cybercrime (thanks, BBC). Elliptic says such individuals are "increasingly attractive targets" because they often lack "the security measures employed by businesses." Some individuals are targeted due to an association with businesses holding large amounts of cryptoassets.
This in turn has led to more hacks achieved through social engineering, rather than security flaws, which introduces further problems in estimating just how much of this activity is going on: individuals are less likely to report what's happened to them than companies.
"Other thefts are likely unreported and remain unknown as attributing cyber thefts to North Korea is not an exact science," said Elliptic's chief scientist Dr. Tom Robinson. "We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed."
The way that assets are subsequently laundered is dizzying. Elliptic describes it as a "cat-and-mouse" game between the hackers and the infosec professionals chasing the money, and explains what happened with the estimated $1.4 billion obtained from this year's biggest hack, on the crypto platform ByBit:
- Multiple rounds of mixing and cross-chain transactions.
- Using obscure blockchains with limited analytics coverage.
- Reducing costs by purchasing utility tokens of specific protocols.
- Exploiting “refund addresses” to redirect assets to fresh wallets.
- Creating and trading tokens issued directly by laundering networks.
Elliptic estimates that 2025's proceeds take the total known value of cryptoassets stolen by the regime to more than $6 billion, with the true figure likely even higher. While the big-money likes of ByBit make for eye-catching stories, North Korean hackers have also been linked to over 30 other attacks, often for much smaller amounts, such as an attack on Woo X in July that saw nine users lose a combined $14 million.
For what it's worth, the North Korean regime has previously denied any involvement in hacks. Mind you, North Korea also says that in his only round of golf ever, the late Kim Jong-il shot a round that included 11 holes-in-one and ended up 38 under par. Don't take my word: all 17 of his bodyguards verified the feat.
Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."