New Report: North Korea’s Cyber Army Allegedly Stole $3 Billion in Crypto to Fund Nuclear Program

Hack North Korea Scam
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: yurchello108/Adobe

North Korea’s cyber army has stolen $3 billion in cryptocurrencies, with 50% of the funds being used to fund the country’s ballistic missile program. 

According to a recent analysis by The Wall Street Journal, state-sponsored hackers from North Korea have netted more than $3 billion from crypto thefts over the past five years.

The stolen funds have been supplying roughly half of North Korea’s ballistic missile program, with defense accounting for a significant portion of the country’s expenditure. 

The report noted that North Korean hacking groups account for a huge portion of illicit cyber activities, as well as some of the biggest crypto heists ever. 

For one, the North Korean Lazarus group of hackers is believed to be behind the hack of Axie Infinity’s Ronin blockchain, which saw hackers make off with about $625 million worth of Ethereum and USDC in one of the largest crypto hacks of all time. 

“When you look at the amount of funds stolen, [it] would look like an existential threat to what you are building,” Aleksander Larsen, chief operating officer at Sky Mavis, told the WSJ.

The gaming company lost the funds after North Korean hackers reached out as a recruiter to an engineer. 

A Trojan Horse, a malicious computer code software that gave hackers access to Sky Mavis and its customers, was implanted onto the engineer’s computer, which was then used to gain access to private keys required for validating transactions.

The big crypto thefts even caught the attention of the US government, which intensified its focus on countering such attacks. 

In April, the US Treasury revealed that North Korean hackers and scammers exploit loopholes in the decentralized finance (DeFi) space to launder money and hide criminal activity.

North Korean Hackers Shift Focus to Generating Cash

North Koreans’ focus has moved from espionage or attack capabilities for traditional geopolitical purposes to generating cash. 

They have also become more technically proficient. The skill of North Korea’s cybercriminals has impressed US officials and researchers, as they have pulled off elaborate maneuvers that have not been observed anywhere else. 

It is believed that thousands of IT workers, including government officials and freelance Japanese blockchain developers, part of a ‘shadow workforce,’ are linked to the regime’s cybercrime operations. 

International experts have long alleged North Korea to be sourcing funds through a digital bank-robbing army to evade harsh sanctions. 

The North Koreans’ focus on cyber theft has resulted in heists like the $81 million stolen from the central bank of Bangladesh in 2016. 

North Korea has also made over $100,000 from a quickly spreading worm called WannaCry, but nothing has been as profitable as their string of attacks on crypto, which began in earnest in 2018

More recently, hackers linked to North Korea pulled off a cascading supply-chain attack. 

They used this to break into software makers one at a time and corrupted their products to gain access to the computer systems of their customers.

Security researchers have said that this was a first-of-its-kind attack that saw Trading Technologies as the victim. 

A corrupted version of Trading Technologies’ product was subsequently downloaded by an employee of 3CX, a software development company. The North Koreans then used access to 3CX systems to corrupt that firm’s software. 

From there, the North Koreans attempted to break into 3CX customers, including cryptocurrency exchanges, the WSJ report said. 

More Articles

Ethereum News
Linea Updates Sybil List After Reviewing Appeals, Removes 3.5K False Positives
Veronika Rinecker
Veronika Rinecker
2025-02-18 09:03:47
Blockchain News
EU Watchdog ESMA Proposes Mandatory Knowledge Checks for Crypto Firms
Shalini Nagarajan
Shalini Nagarajan
2025-02-18 08:34:44
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors