Increase of Cryptocurrency Crimes by North Korea

3 July 2022

Cryptocurrency is a productive means to assist the transfer of legal funds and engage representatives globally, but it’s also a tool to facilitate scams and the laundering of money. And North Korea, one of the world’s poorest and most isolated countries, seems to have discovered both.

Cryptocurrency-based crimes are highly successful in North Korea. The country is “among the most prolific cyber-attackers”, the Guardian notes. This year alone 60 per cent of all cyberattacks, or about US$ 1 billion, is attributed to North Korean hackers according to Chainalysis, a blockchain firm working to uncover the latest hack.

On 23 June, US$ 100 million was stolen from the United States-based Horizon Bridge. Investigative firm Elliptic attributes the hack to the Lazarus Group, controlled by North Korea’s intelligence agency Reconnaissance General Bureau according to U.S. officials.

The proceeds of the crypto-hacks are believed to fund “nuclear and ballistic missile programmes”.


Since the 1970s, North Korean officials have been accused of several illicit endeavours including drug and ivory trafficking. For the past decade, digital illicit activities have been added to the portfolio stealing hundreds of millions of dollars often with a lasting negative impact on the affected companies and countries.

Currently, “North Korea’s operatives, utilizing keyboards instead of guns, sneaking digital wallets of cryptocurrency rather than sacks of cash, are considered among world’s prominent bank robbers,” General John C. Demers, Assistant Attorney of the Justice Department’s National Security Division stated in February 2021.

Intended to fund the weapons used in missile programmes, North Korea has robbed an approximate US$ 2 billion using innovative cyber-attacks, the United Nations reported in 2019.

The U.S. has alerted North Korea regarding its progressively increasing illicit cyber-crime operations and instated disabling financial sanctions.

North Korea is aggressively working to damage the crypto industry, Arthur Cheong, Founder of venture capital firm DeFiance Capital said. Cheong says that state-sponsored hackers have possibly invaded all areas of the crypto industry and have the knowledge to steal users’ funds using different sorts of attacks.

Previously, Chainalysis warned of the complex techniques and tactics used by North Korea including malware, phishing, code exploits and social engineering. And according to the report by cyber security firm Kaspersky, North Korea is well-known for generating fake companies. These companies then mislead crypto users to install malicious apps that drain their funds.

The number of North Korean cyber-attacks previously decreased from 2018 until 2020, but rose again in 2021, according to Chainalysis. The extracted value of the hacks also increased by 40 per cent in 2021 compared to the previous year.

The most frequently used operations include attempting to hack banks and companies holding massive amounts of cryptocurrency. A know modus operandi is North Korean scammers pretending to be American job candidates intending to gather cryptocurrency in the form of paychecks and possibly get an inside view of corporations.

The Lazarus group was likely behind the theft of US$ 600 million in cryptocurrency, one of the largest cases ever, from the popular online game Axie, investigated by the U.S. Treasury Department.


Although several countries employ cyber forces as part of overseas military operations, North Korea has been able to do so while being sanctioned by the U.S.

Previously, a 39-year-old American crypto specialist, Virgil Griffith, was sentenced to five years in prison. He was engaged in assisting North Korea in using virtual currencies to avoid sanctions. Furthermore, a 47-year-old Spanish national named Alejandro Cao de Benós, claiming to be a “special delegate”, was involved with Virgil Griffith for illicitly providing cryptocurrency services to North Korea.

The United States has initiated preventive steps to enhance the security of the global financial system, in response to the developing crypto crimes by North Korea.

On 6 May 2022, the U.S. imposed its first-ever sanctions on a virtual currency mixer managed by North Korea, The platform was used for  the laundering of stolen virtual currency according to the U.S.

“Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered,” Brian Nelson, Secretary of the Treasury for Terrorism and Financial Intelligence stated.

The U.S. published a Cybersecurity Advisory in April 2022 and announced collaborative efforts with South Korea to combat cyber-offensiveness by North Korea as well as other actors.

The increased awareness of and actions taken against North Korea’s sophisticated cybercrime will hopefully pay off soon.

Article by Fatima Abuzar.
Editing by Anrike Visser.

Copyright © 2022, rights reserved as set forth in the copyright notice.

Taking you where others don't
Ready to make sense of foreign news?

By subscribing you agree that your information will be transferred to MailChimp for processing in accordance with their Privacy Policy ( and Terms (