The Horse Behind the Monkey: North Korea, Hackers, and Cryptocurrency

Odaily Planet Daily reported today that the blockchain security team MistTrack tweeted that North Korean hackers are cleaning the stolen funds from Atomic Wallet.
Such news is not new. North Korean hackers can make headlines in the crypto industry almost every month. Whenever there is a huge amount of attack, the mysterious North Korean hacker group Lazarus Group is always involved. According to an annual report released by the US National Security Council in April this year, the total amount of virtual assets stolen by North Korean hackers exceeded US$3 billion.
In the world of Chinese Internet, the name North Korea is always associated with backwardness, closedness, and such never-boring memes as "a great man sent from heaven" and "the Taepodong artillery attack". It seems that the neighbor to the east has already hidden away in a small building and become one - today, when netizens around the world are keen on surfing, most North Korean people still can't find their steam accounts, let alone their wallet addresses.
Of course, North Koreans still have some entertainment of their own. Although "Pyongyang Racing" was released in 2012, it still makes me feel a sense of nostalgia across the millennium. (The picture below is "Pyongyang Racing")
But in a way, North Korea's CS technology is not inferior. The ACM team of Kim Chaek University of Technology, known as the "Little Tsinghua University of North Korea", is not only a regular at the ACM WorldFinal, but also had a "decisive battle on the 38th parallel" with friends from Seoul University in the south at the 2019 WF (the organizing committee was considerate enough to place the two teams in the north and south when the camera was broadcast). Although they were a little slower than Seoul University in penalty time and finished last in the silver medal, their coding skills are evident.
Ask others for help or ask yourself for help?
In fact, North Korea's enthusiasm for cryptocurrency has only increased compared to that of the "Southern Puppet", but this enthusiasm comes more from the official side. In 2017, Pyongyang University of Science and Technology opened blockchain-related courses and invited relevant practitioners to teach courses. Since 2018, Pyongyang has held cryptocurrency and blockchain conferences every year. Virgil Griffith of the Ethereum Foundation has also traveled to North Korea to attend blockchain conferences. North Korean hackers who have transformed into virtual "Chullimakan" frequently appear in accident reports of thefts from exchanges (mostly Korean exchanges). There are even meme coins themed on the North Korean space program, although the last update on the official Twitter account was in 2021.
Although there have been rumors that North Korea is conducting large-scale mining activities, it is certain that North Korea is not joining the new wave of web3.0 as a miner. Although North Korea has rich coal resources, the foundation of its chemical and energy industries is deeply influenced by the Soviet Union's CMEA, which is mainly based on the oil system. After the disintegration of the Soviet Union, the lack of oil resources and the shortage of technology have forced North Korea to rely on hydropower and thermal power generation.
North Korea, which has not yet exceeded the level of electricity generation in 1990, prefers to spend electricity on important areas such as industry, medical care, and local theme ideological towers. This makes it impossible and unnecessary for domestic bosses to charter hydropower stations with excess electricity for mining during the flood season. It is also impossible for the Central Committee of the Workers' Party of Korea to support the "great cause of the crypto world under the leadership of the dear leader" in this way.
It is better to take the fish from a man than to take it from him. According to statistics from the blockchain data platform Chainalysis, in 2021 alone, North Korean hackers stole about $400 million worth of cryptocurrency through attacks on cryptocurrency outlets. Only 20% of the stolen funds were Bitcoin, while 22% were altcoins/privacy coins, and Ethereum accounted for the majority of the stolen funds, accounting for 58%. The stolen coins are cleaned through mixers and Defi platforms. Some of them are eventually converted into legal tender on exchanges or offline after various changes of hands, and some are stored in cold wallets for backup. Interestingly, although hackers mostly only target exchanges, it is not ruled out that they use social engineering to cheat/sneak attack NFTs. The data also confirms that North Korea began to "have a great interest" in Bitcoin in 2017.
Attack of the Archbishop
The most well-known among them is Lazarus, a hacker organization affiliated with the 121st Bureau of the General Investigation Bureau. It uses the name of the Archbishop in "Diablo" as its code name. It planned the Sony Pictures hacking incident in 2014, the Bangladesh Bank robbery in 2016, the "WannaCry" ransomware virus, "Dark Seoul"... and so on. Their names have also appeared in news reports about project parties being attacked: Harmony, Kucoin, Ronin... and of course, Atomic in recent days.
Looking back at all the attacks, Korean exchanges have undoubtedly become the most important "target".
As early as the beginning of 2017, Bithumb was robbed of $7 million by their northern neighbor. In early 2019, the United Nations cited a report by Group IB, accusing Lazarus of five cryptocurrency thefts, targeting Yapizon (South Korea, loss of 3,816 BTC, equivalent to $5.3 million), Coinis (South Korea, loss unknown), YouBit (South Korea, loss of 17% of assets), Coincheck (Japan, loss of 523 million NEM, equivalent to $534 million), and Bithumb (South Korea, loss of $32 million). The total profit of the five attacks was as high as $571 million.
This method has become an important source of economic income for North Korea since it was sanctioned in 2006. Decentralization has played a huge role in the face of Western encirclement and blockade. Although physical exchanges can freeze suspected accounts due to "relevant regional laws and regulations" (just like Coinbase and other companies did to Russia), it is obvious that not all exchanges are in the United States, and private transactions have never stopped from the beginning.
Considering the situation on the Peninsula and the statement made at the 6th Political Conference of the 8th Congress of the Workers' Party of Korea, a large part of these important foreign exchange earnings will be invested in "immediately strengthening and developing more powerful material means to effectively suppress the U.S. hostile actions against North Korea" and "promptly discussing whether it is necessary to restart all activities that have been suspended in the meantime." The core idea is still to adhere to the "military and diplomatic guarantees for external affairs" of the Eighth New Line.
As for the dynamics in the future, it depends on the 8th Plenary Session of the 8th Central Committee of the Workers' Party of Korea, which may be held in the middle of this month. This meeting will determine the direction of North Korea in the remaining time of the five-year plan, including whether to reaffirm its position on strengthening national defense and re-launch the "Wanlijing-1" military reconnaissance satellite. The frequency of North Korean hackers' actions will also be adjusted accordingly due to this meeting.
US-North Korea relations in the blockchain
It is not easy to get rid of North Korea's isolated island status in the world. Due to the complexity of the peninsula's geopolitics, the core guiding ideology of all actions is to start from the perspective of "security". While ensuring its own existence, Kim Jong-un's main political demands during his tenure are to try his best to normalize political life, transfer power from the military to the Workers' Party, and promote economic development. The key to achieving this goal still lies in the relationship between the United States and North Korea.
But for now, at least when it comes to cryptocurrencies, the attitudes of both sides have never eased. In February 2021, the U.S. Department of Justice indicted three North Korean hackers affiliated with the Reconnaissance General Bureau of the Korean People’s Army, accusing them of "stealing more than 1.3 billion U.S. dollars in cash and cryptocurrencies." Just two months ago, the U.S. Treasury Department sanctioned three North Koreans who supported Lazarus and were responsible for "facilitating" Lazarus.
In any case, for North Korea, Crypto has indeed helped them circumvent sanctions from hostile regimes and provided new economic assistance to the country. Although there is currently no news that North Korea is involved in any primary market investment (after all, taking it directly is faster than investing), it is very likely that there will be institutions and organizations with official backgrounds in the future. Perhaps soon we will see a group of young people with leader avatars on their chests sitting down with the project party to discuss topics such as DA, chain ecology and other industry-related topics.
In the final stage of the campaign, Yoon Seok-yeol tried to obtain votes from young South Koreans by issuing NFTs. Although North Korea cannot directly imitate this behavior, perhaps behind the countless transaction data of Opensea, the great man from Mount Paektu has privately purchased the monkey head and allowed himself to enter the Alpha Club?
Perhaps when the North-South dialogue is resumed one day, the two can discuss how to save gas fees at the Blue House.