How North Korean hackers stole billions in crypto

Pyongyang-backed cyber gangs use ‘mixers’ to launder their criminal proceeds

Cryptocurrency coins
Pyongyang has ‘found innovative ways to fund its missiles programme’
(Image credit: Getty Images)

North Korean hackers stole a record $1.7bn of cryptocurrency last year, according to a New York-based data firm.

The figure is four times as much as the country’s previous record for cryptocurrency theft – $429m in 2021 – and constituted 44% of the $3.8bn stolen in 2022, which Chainalysis called “the biggest year ever for crypto hacking”.

With many countries having imposed heavy sanctions on the Pyongyang regime, North Korea is turning to crypto theft to fund its nuclear arsenal. “Despite being unable to feed its people”, it has “found innovative ways to fund its missiles programme”, said The Economist.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

The hackers “typically launder crypto” through “mixers”, which “blend cryptocurrencies from various users to obscure the origins of the funds”, Chainalysis told the BBC. Other analysts have said that North Korea launders stolen crypto through brokers in China and non-fungible tokens (NFTs).

Crypto mixers are software that “allows users to obfuscate the sources and destinations of cryptocurrency holdings” and are “used by hackers in attempts to exchange crypto into fiat currency”, said Bloomberg.

“Last month, the FBI claimed that North Korea-affiliated Lazarus Group was responsible for a $100m crypto heist on a blockchain network called Horizon bridge last year,” said the BBC.

CNN reported that Pyongyang-backed hackers have conducted ransomware attacks on healthcare providers and other key sectors in the US and South Korea and used the takings to fund further cyberattacks on government agencies in the two nations.

Last summer, an investigation by the broadcaster found at least one cryptocurrency entrepreneur who unwittingly paid a North Korean tech worker tens of thousands of dollars.

In 2019, PCMag reported that North Korean hackers “have been blamed for using email-based phishing attacks to trick employees at cryptocurrency exchanges” to download malware to their computers. Security experts “also suspect the country’s hackers were behind several heists on the Swift banking network back in 2016”, the tech site added.

Continue reading for free

We hope you're enjoying The Week's refreshingly open-minded journalism.

Subscribed to The Week? Register your account with the same email as your subscription.