North Korean Crypto Hacks amount to 2% of their 2017 GDP

Mar 20, 2019 | by Marvin Ordonez

A recent report by the United Nations Security Council has linked a large number of the cryptocurrency hacks that have occurred over the last three years to the infamous North Korean state-sponsored hacking group Lazarus. According to the report, North Korea has stolen over half a billion USD in cryptocurrencies from these hacks.

The research conducted by the United Nations Security Council is in alignment with renowned cybersecurity firm FireEye, which stated in a 2017 blog post:

“In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cybercrime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation-state activities... Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime. Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds. The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”


Lazarus Group first appeared a little more than a decade ago and, in their beginnings, they primarily focused on DDoS attacks against the South Korean government. However, in just a few years' time they went from DDoS attacks to more complex and skilled attacks against financial institutions across the globe. They have now attacked a plethora of banks, and although they are almost never successful in their attacks, they have nonetheless been able to steal $117.5 million USD from traditional financial institutions. They even attempted (and almost succeeded!) to steal a billion dollars from the New York Federal Reserve.

Apart from the attacks on financial institutions, Lazarus has also been known to attack large corporations. The most infamous of these attacks was against Sony in 2014. Here, Lazarus was able to incapacitate the Sony network for days and steal unreleased films and employee information. They claim to have been inside Sony’s network for a year before being noticed. It makes one wonder how many other corporations they could currently be lurking in. More recently, they failed to steal $2.7 million USD from South Korean e-commerce site Interpark.

The rapid growth of cryptocurrency in 2017, however, quickly drew their attention away from the traditional financial system and put it on the new financial system. As unfortunate as this switch in attention was for the emerging crypto industry (and all of its enthusiastic investors), the plan worked out brilliantly for North Korea.

Instant Success Hacking Crypto

The US, UK, and Australia have all stated that North Korea was behind the WannaCry ransomware attacks in May 2017 (although there is still some ambiguity as to how accurate their accusations are). WannaCry was a virus that infected older Windows computers and encrypted data on the computer until a ransom in Bitcoin was paid. Microsoft released emergency patches to stop the attack, but in the few days that WannaCry was propagating, it “affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars”. However, for all of the computers that were affected, “only 327 payments totaling US$130,634.77 (51.62396539 XBT) had been transferred”. This was peanuts when compared to the amount of money that they had received from attacking financial institutions.

The real game changer for North Korea was when they went from trying to hack the crypto masses and the gatekeepers of the traditional financial system, to attacking the gatekeepers of the new financial system. When they began attacking crypto exchanges, it was as if they were playing a game and decided that they were tired of playing and losing on “Expert” mode so they switched the difficulty settings from “Expert” to “Novice”.

The Coincheck hack in late January 2018 was the largest of these hacks and accounted for $500 million out of the $570 million that they have stolen. The interesting thing to note here is the effect that this hack had on the market. The cryptocurrency bubble had already popped about a month prior, but there is no doubt that the liquidation of half a billion dollars in a relatively illiquid market played a large role and accelerated the downturn. Combine the selling from that hack with the selling from the Mt Gox Trustee, who liquidated $385 million USD in the first quarter of 2018, and it’s no wonder that the bear market has been as brutal as it has been. Add to that the panic selling and capitulation from investors who bought beyond their means, and it's nothing short of a miracle that bitcoin has been able to stay above $3,000 USD.

Effect on the Crypto Community

Nation-states are attacking our exchanges, traditional financial systems are stealing our ideas (looking at you, JP Morgan), and the cult-like followings that each community has seem to be at war with every other community in the space. Add to that the constant scams and Ponzi schemes, and we are forced to grow as a community or risk losing this financial revolution. That is the only positive that I can gather from all of these hacks. Who knows how long it would have taken for crypto exchanges to up their security standards if it weren’t for them? The NEM tokens stolen from Coincheck, for example, were in a hot wallet, and that has been a huge no-no since day one. Yet, there they were for the taking. Maybe if these hacks never happened, later on down the road we would be hearing about a $1 billion hack (or more!) instead of the $500 million hack that we’re familiar with now. Of course, it’d be better for everyone (well, except for North Korea) if exchanges, from the very beginning, centered everything that they did around security instead of profit.

A more difficult issue to tackle, though, is the exchanges that ask for little or no Anti-Money Laundering (AML) or Know Your Customer (KYC) information from their users. I understand the appeal: privacy is important. It feels strange giving every last detail of your personhood to these exchanges that have been hacked for millions of dollars. What’s to say they won’t lose your personal information as well? Or use it against you in some nefarious way? Privacy is also aligned with the original ethos from the cypherpunk movement that started this all. They understood that we’re slowly being intruded on more and more by the reach that tech companies have. On the other hand, North Korea (and most hackers in general) may have never been able to launder and liquidate those stolen coins if we had a global standard for AML and KYC.

What Does it Mean for NK?

Focusing back on North Korea, I find myself wondering what they are doing with the money that they stole. Their nominal GDP in 2017 was $30.7 billion USD, which makes the amount of money that they stole in crypto almost 2% of their 2017 GDP. How much of that is going towards their nuclear program? Towards feeding their citizens? How will the current global powers react if North Korea continues to attack crypto exchanges and banks? Will it put a wrench in the negotiations between the US and North Korea? The questions are endless and the answers are few, but I have faith in the crypto community to rise to the challenge and work hard to make sure these attacks stop for good.

Finally, I find myself wondering what the possibility is that North Korea didn't liquidate all of their cryptocurrency holdings. If they kept even one percent of what they stole in crypto they’d be holding over five million USD. Even more entertaining is to think about what those holdings would be in. Are they bitcoin maximalists? Do they have infighting among themselves over which coins are best? Are they taking a more tested approach like using an index which holds the top five or ten cryptos? The more I think about it though, the less likely it seems that they would hold onto this highly volatile asset class, but it still tickles me to imagine North Korea as one of the largest bag holders in the world.
