As price of bitcoin soared last year, North Korean hackers stole US$316 million in cryptocurrency

The North is known to operate an army of thousands of well-trained hackers who have attacked firms, institutions and researchers in South Korea and elsewhere
Pyongyang’s cyberwarfare abilities first came to global prominence in 2014 when it was accused of hacking into Sony Pictures

North Korea

Agence France-Presse

Published: 1:48pm, 10 Feb, 2021

Why you can trust SCMP

North Korea has stolen more than US$300 million worth of cryptocurrencies through cyberattacks in recent months to support its banned nuclear and ballistic missile programmes, a confidential UN report said.

Compiled by a panel of experts monitoring sanctions on Pyongyang, the report said the country’s “total theft of virtual assets from 2019 to November 2020 is valued at approximately US$316.4 million”, citing a UN member state.

North Korean cyberwarfare: as big a threat as its nuclear weapons?

Financial institutions and exchanges were hacked to generate revenue for Pyongyang’s nuclear and missile development, the report said. The vast majority of the proceeds came from two thefts late last year.

The North is known to operate an army of thousands of well-trained hackers who have attacked firms, institutions and researchers in South Korea and elsewhere. It has also been accused of exploiting its cyber capabilities for financial gain.

The North is under multiple sets of international sanctions over its banned nuclear weapons and ballistic missile programmes, which have made rapid progress under leader Kim Jong-un.

A summit between Kim and then-US president Donald Trump in Hanoi in February 2019 broke down over sanctions relief and what Pyongyang would be willing to give up in return. Nuclear talks have been stalled ever since, while the North showed off several new missiles at military parades in October and last month, when Kim pledged to strengthen his nuclear arsenal.

The UN panel said it was investigating a September 2020 hack against a cryptocurrency exchange that resulted in US$281 million worth of cryptocurrencies being stolen. A second cyberattack siphoned off US$23 million a month later.

“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds strongly suggests links to the DPRK,” the report said, using the initials for the North’s official name.

Pyongyang’s cyberwarfare abilities first came to global prominence in 2014 when it was accused of hacking into Sony Pictures Entertainment as revenge for The Interview, a satirical film that mocked Kim. The attack resulted in the posting of several unreleased films as well as a vast trove of confidential documents online.

The North is also blamed for a huge, US$81 million cyber-heist from the Bangladesh Central Bank, as well as the theft of US$60 million from Taiwan’s Far Eastern International Bank.

Watch out. North Korean hackers are coming for your bitcoin

The North’s hackers have allegedly stepped up campaigns to raise funds by attacking cryptocurrency exchanges as the value of bitcoin and other cybercurrencies soared.

They were blamed for the 2017 WannaCry global ransomware cyberattack, which infected some 300,000 computers in 150 nations encrypting user files and demanding hundreds of dollars from their owners for the keys to get them back.

Pyongyang has denied the accusations, saying it has “nothing to do with cyberattacks”.

Meanwhile North Korean state media on Wednesday reported Kim’s planned foreign policy approach, with particular regard to South Korea, after a meeting of the ruling party.

Kim called last month for more advanced nuclear weapons and said the United States was “our biggest enemy,” presenting a stark challenge to US President Joe Biden just days before he took office.

Kim, who cemented his power at January’s party congress with his election as general secretary, further discussed Pyongyang’s five-year policy plan on the second day of the Workers’ Party plenary meeting on Tuesday.

How barely connected North Korea became a hacking superpower

“The General Secretary in the report evinced the militant tasks to be carried out by the People’s Army and the munitions industry this year,” KCNA reported. “The direction of future action to be taken by the sector in charge of affairs with South Korea and the sector in charge of external affairs, before underscoring the need to thoroughly carry them out without fail.”

While raising the issue of reshaping relations with South Korea “as required by the prevailing situation and the changed times”, Kim has criticised Seoul for offering cooperation in “non-fundamental” areas such as Covid-19 aid and tourism and said it should stop buying arms from and conducting military drills with the US.

South Korea’s new foreign minister on Tuesday said he was confident about coordinating North Korea policy with the US despite earlier signs of differences.

Additional reporting by Reuters

This article appeared in the South China Morning Post print edition as: Pyongyang ‘stole digital currencies worth US$316m’