Cryptocurrency crash threatens stolen North Korean funds as weapons tests intensify

SEOUL (Reuters) – A downturn in cryptocurrency markets has wiped out millions of dollars in cash stolen by North Korean hackers, four digital investigators said, threatening a major source of funding for the sanctions-hit country and its weapons programs.

North Korea has poured resources into crypto theft in recent years, making it a potent hacking threat and leading to one of the largest crypto thefts on record in March, with nearly $615 million stolen, according to the US Treasury.

Two South Korean government sources said the sudden drop in cryptocurrency values, which began in May amid a broader economic slowdown, is complicating Pyongyang’s ability to make money from this and other thefts, and may affect how it plans to fund its weapons programs. The sources declined to be named due to the sensitivity of the matter.

It comes as North Korea tests a record number of missiles – which the Korea Institute for Defense Analytics in Seoul estimates have cost up to $620 million so far this year – and prepares to resume nuclear testing amid an economic crisis.

Holdings of old and unsupervised North Korean cryptocurrencies monitored by New York-based blockchain analytics firm Chainalysis, which include funds stolen in 49 hacks from 2017 to 2021, have declined in value from $170 million to $65 million since the start of the year, the company told Reuters.

A North Korean cryptocurrency cache from the 2021 heist, which was worth tens of millions of dollars, has lost 80% to 85% of its value in the past few weeks and is now worth less than $10 million, said Nick Carlsen, an analyst at TRM Labs, another US-based blockchain analytics firm.

A person who answered the phone at the North Korean Embassy in London said he could not comment on the incident because the allegations of the cryptocurrency hack were “completely false news.”

“We did nothing,” said the person, who only identified himself as a diplomat at the embassy. The North Korean Foreign Ministry described such allegations as US propaganda.

US authorities have said the $615 million March attack on blockchain project Ronin, which runs the popular online game Axie Infinity, was the work of a North Korean hacking operation dubbed Lazarus Group.

Carlsen told Reuters that the correlated price movements of the various assets involved in the hack made it difficult to estimate how much North Korea managed to keep from the theft.

He said that if the same attack happened today, the value of the stolen Ether would be a little more than $230 million, but North Korea had exchanged nearly all of that for Bitcoin, which saw separate price moves.

“Needless to say, the North Koreans lost a lot of value on paper,” Carlsen said. “But even at lower prices, that’s still a huge burden.”

The US says Lazarus is under the control of the General Bureau of Reconnaissance, North Korea’s main intelligence office. It has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.

Analysts are reluctant to provide details about the types of cryptocurrency North Korea holds, because doing so could reveal investigation methods. Chainalysis said that Ether, a popular cryptocurrency linked to the open-source blockchain platform Ethereum, made up 58%, or about $230 million, of the $400 million stolen in 2021.

Chainalysis and TRM Labs use publicly available blockchain data to track transactions and identify potential crimes. Such work has been cited by sanctions watchdogs, and according to public contracting records, both companies work with US government agencies, including the IRS, FBI, and DEA.

Investigators say North Korea is subject to widespread international sanctions over its nuclear program, which gives it limited access to global trade or other sources of income and makes cryptocurrency thefts attractive.

“Essential” to the nuclear program

Although cryptocurrencies are estimated to be only a small part of North Korea’s financial resources, Eric Benton-Fuak, coordinator of the UN panel of experts that monitors sanctions, said at an April event in Washington, D.C., that cyberattacks have become “absolutely” essential to Pyongyang’s ability to evade sanctions and raise funds for its nuclear and missile programs.

In 2019, sanctions monitors reported that North Korea made an estimated $2 billion for its weapons of mass destruction programs using cyber attacks.

An estimate from the Geneva-based International Campaign to Abolish Nuclear Weapons says North Korea spends about $640 million annually on its nuclear arsenal. The country’s gross domestic product in 2020 was estimated at $27.4 billion, according to the Central Bank of South Korea.

Pyongyang’s official sources of revenue are more limited than ever amid self-imposed border closures to combat COVID-19. China – its largest trading partner – said in 2021 that it imported just over $58 million in goods from North Korea, amid some of the lowest levels of official bilateral trade in decades. Official figures do not include smuggling.

Aaron Arnold of think tank RUSI in London said that North Korea gets only a fraction of what it steals because it has to use intermediaries who are willing to convert or buy cryptocurrency without asking any questions. A report released in February by the Center for a New American Security (CNAS) estimated that in some transactions, North Korea only gets a third of the value of the currency it has stolen.

After acquiring cryptocurrency in a robbery, North Korea sometimes converts it into Bitcoin, then finds brokers who will buy it at a discount for cash, which is often kept outside the country.

“Like selling a stolen Van Gogh, you’re not going to get a fair market value,” Arnold said.

Transfer to cash

The CNAS report found that North Korean hackers show “moderate” concern about concealing their role, compared to many other attackers. This sometimes allows investigators to trace digital trails and attribute attacks to North Korea, although stolen funds are rarely recovered in time.

According to Chainalysis, North Korea has turned to sophisticated methods of laundering stolen cryptocurrency, increasing its use of software tools that pool and scramble cryptocurrencies from thousands of electronic addresses, the identifiers of digital storage locations.

The contents of a particular address are often publicly visible, allowing companies like Chainalysis or TRM to monitor any that investigators have linked to North Korea.

Chainalysis said in a report released this year that attackers tricked people into giving them access, or breached security, to siphon digital money from online wallets into addresses controlled by North Korea.

Carlsen said the sheer scale of the recent hacks has strained North Korea’s ability to monetize cryptocurrency as quickly as in the past. This means that some funds were stuck even as their value plummeted.

Bitcoin has lost about 54% of its value this year and smaller currencies have also been hit hard, reflecting a drop in stock prices linked to investor concerns about rising interest rates and the growing possibility of a global recession.

“Cashing remains a major requirement for North Korea if it wants to use the stolen money,” said Carlsen, who investigated North Korea as an FBI analyst. “Most of the goods or products that North Koreans want to buy are only traded in US dollars or other fiat, and not in cryptocurrencies.”

Arnold said Pyongyang has other, larger sources of funding it can draw on. UN sanctions monitors said as recently as December 2021 that North Korea continues to smuggle coal – usually to China – and other major exports prohibited by Security Council resolutions.

Changing currencies

It sometimes appears that North Korean hackers are waiting out rapid drops in value or exchange rates before converting to cash, said Jason Bartlett, author of the CNAS report.

“This is counterproductive at times as there is not much certainty in predicting when the currency will rapidly increase in value and there are many cases of crypto money severely depreciated in North Korea-linked wallets,” he said.

Sectrio, the cybersecurity division of Indian software company Subex, said there are signs that North Korea has begun to ramp up attacks on traditional banks again rather than cryptocurrency in recent months.

The company’s banking-focused “honeypots” (decoy computer systems designed to attract cyber attacks) have seen an increase in “anomalous activity” since the cryptocurrency crash, as well as an increase in “phishing” emails, which attempt to trick recipients into giving away security information, Sectrio said in a report last week.

But Chainalysis said it has not yet seen a major change in North Korea’s crypto behavior, and few analysts expect North Korea to give up on crypto theft.

“Pyongyang has added cryptocurrency to its calculus as it evades sanctions and money laundering, and this will likely remain a permanent target,” Bartlett said.

Reporting by Josh Smith. Editing by Jerry Doyle
