
North Korea’s ‘crypto’ hackers stealing billions for Hermit Kingdom’s nukes

North Korea has earned $3 billion from six years of digital asset theft, while Spanish authorities have detained an individual who allegedly helped educate North Korea on how to evade economic sanctions via blockchain technology.

Last week, the Recorded Future intelligence outfit released a report on North Korea’s efforts over the past six years to finance its activities through blockchain hacks and exploits. The report estimates the total sum generated for the Hermit Kingdom’s dictatorial regime since 2017 to be over $3 billion.

This includes $1.7 billion in 2022 alone, which the report claims represented 5% of the country’s overall economy that year and nearly half its military budget. It also represented nearly 10x the total value of the Hermit Kingdom’s exports ($182 million) in 2022.

After nearly pulling off a spectacular $1 billion heist from the Bangladeshi central bank in 2016 using more traditional methods—they ended up getting away with only $101 million, of which $35 million was later recovered—North Korean state-sponsored hacking groups such as the Lazarus Group refocused their attention on blockchain attacks. The report claims this shift was driven by publicity surrounding the 2017 ‘crypto’ value bubble (that was partially the result of Tether-based wash trading on exchanges such as Bitfinex).

The report claims North Korea was intrigued by the potential for hacking blockchain entities due to their reputation as “a rapidly growing financial technology industry that has little oversight and is unprepared for a relentless cyber assault.” North Korea originally focused its crypto theft efforts on its neighbor South Korea, garnering $82.7 million in 2017 from attacks on the Bithumb, Yapizon, and Youbit exchanges (the latter collapsed as a result of these attacks).

By 2020, North Korea’s APT38 group was targeting exchanges in the U.S., Europe, Japan, Israel, and even Russia, one of the regime’s few ‘allies’ on the geopolitical map, while also engaging in phishing attacks on countless individuals. However, malware spread by these groups appeared to spare systems on which Chinese anti-virus software was installed, suggesting North Korea didn’t want to offend its giant neighbor, on which it depended for much of its imported goods.

The report suggests that North Korea’s various hacking groups had specific geographic areas of influence, with Lazarus operating far and wide while others, such as Kimsuky, focused on South Korea. (Just last week, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) joined Australia, Japan, and South Korea in sanctioning Kimsuky for engaging in “illicit and destabilizing activities.”)

As for laundering its illicit proceeds, North Korea occasionally fiddled with some clunky methods, including selling tokens for iTunes gift cards. North Korea also used personal information obtained via phishing attacks to open accounts on South Korean exchanges, into which stolen assets were deposited, converted, and then withdrawn. Eventually, North Korea discovered the simplicity of using ‘coin mixers’ like Blender.io and Tornado Cash to launder its stolen assets.

It’s worth noting that North Korea’s biggest ‘crypto’ hacking haul occurred in 2022, which coincidentally (or not) saw the country engage in 70 missile launches, the highest number since the regime’s inception.

Virgil Griffith co-conspirator detained in Spain, faces extradition

According to the U.S. Department of Justice (DoJ), North Korea received pointers from Western blockchain figures on how best to use cryptocurrency to evade U.S. economic sanctions. Some of this education came courtesy of Ethereum developer Virgil Griffith, who gave a presentation at a 2019 event in Pyongyang despite U.S. authorities telling him not to go.

In April 2022, Griffith received a 63-month sentence for conspiracy to violate the International Emergency Economic Powers Act (IEEPA). The stiff sentence was ordered despite the protestations of Ethereum founder Vitalik Buterin, who claimed Griffith didn’t give North Korea “any kind of real help in doing anything bad.”

On December 1, Spanish police announced the arrest of Alejandro Cao de Benos, a Spanish national who was indicted by U.S. authorities last year for conspiring with Griffith and a third man, U.K. national Christopher Emms, to help North Korea evade sanctions through cryptocurrency.

Cao de Benos was released without conditions following a brief court appearance and is now waiting to see if U.S. authorities launch a formal extradition process so he can face trial on U.S. soil. Cao de Benos subsequently tweeted that the U.S. charges were “false” and, therefore, there will be “no extradition.”

The Federal Bureau of Investigation (FBI) accuses Cao de Benos of “coordinating approval” from North Korea’s government for Griffith’s participation at the 2019 conference. Before Griffith’s arrest following his return from North Korea, Cao de Benos had planned a similar shindig for 2020. Cao de Benos issued a statement over the weekend saying “[t]here is not a single piece of evidence that proves that I hired or solicited the services of Virgil Griffith.”

Emms remains at large, having been granted asylum in Russia this summer after being briefly detained in Saudi Arabia last year. Following Cao de Benos’ arrest, Emms told Russian state television that the charges against the pair were “politically motivated” and in violation of international law. Both Emms and Cao de Benos face up to 20 years in prison if convicted in the U.S. on their conspiracy charges.

A November to dismember

It’s not all down to North Korea, but blockchain security monitor CertiK Alert announced last week that November was the most damaging month this year for exploits, hacks, and scams.

Last month saw around $363 million lost, with exploits accounting for over $316 million of this total. The bulk of these involved Justin Sun-linked entities, including a $131.4 million ‘hack’ of the Poloniex exchange and $113.3 million stolen from the HTX (formerly Huobi) exchange and the Heco cross-chain bridge.

Two very unfortunate individuals ranked in the top five of November’s exploits. One phishing victim lost over $27 million in digital assets, while another suffered a $3.3 million loss.

So far this year, exploits and hacks have totaled over $1.7 billion, of which $1.26 billion was related to exploits. Most of the exploits occurred in the second half of 2023, with July ($285.8 million) and September ($329.8 million) proving particularly painful. Exit scams have cost customers nearly $147 million and flash loan attacks resulted in nearly $310 million stolen.

OF*C

Finally, the tireless researchers at ChainArgos turned up a new wrinkle in how ‘crypto’ operators deal with sanctioned entities on the blockchain. ChainArgos recently revealed that Tether somehow managed to blacklist a North Korea-controlled Ethereum wallet nearly two months before OFAC flagged the wallet as problematic, prompting questions as to how Tether was able to proactively identify the problem.

And yet, somehow, the U.S.-based Coinbase (NASDAQ: COIN) exchange apparently failed to impose restrictions on the user in question even after the OFAC designation, resulting in three USDC-based transactions totaling $21,200. So, in this case, at least, Coinbase’s awareness of its customers’ activities actually proved less robust than Tether’s. TETHER!

Then again, cut Coinbase’s C-suiters some slack. They’re currently preoccupied with dumping stock now that Coinbase’s share price has doubled over the past six weeks. Doubled, we note, despite having announced its seventh straight loss-making quarter just one month ago. (Nobody said ‘crypto’ people could count.)

Over the past two weeks, Coinbase CEO Brian Armstrong has sold over $11.1 million worth of his shares, director Fred Ehrsam sold $8.7 million, legal eagle Paul Grewal unloaded nearly $4.8 million, and chief people officer Lawrence Brock added around $2 million to his wallet. It’s hard to hear anything over the sound of those slot machines paying out, we guess.
