April 19, 2024

• 

[THE INVESTOR] The world’s most reclusive nation was no exception to the cryptocurrency fever that swept across the globe last year.

Ordinary North Korean citizens may not be familiar with terms like Bitcoin or Ethereum. But for a select few, digital coins have become a darling in the cash-strapped country as a financial lifeline, especially after UN-led sanctions hit its economy badly.

The exact amount of coins that North Korea has on hand is hard to track. But earlier in March, a former National Security Agency official Priscilla Moriuchi of Recorded Future claimed North Korea has raked in at least 11,000 Bitcoins last year via hacking or mining, estimated to be around US$200 million if it had cashed out during the peak. 

Experts agree the isolated nation will continue to collect digital coins in the future -- but mostly through stealing. Even with some signs of thawing relations between North Korea and the rest of the world ahead of the inter-Korean summit, it is unlikely to easily give up its new source of hard cash.

“With the recent economic sanctions taking a toll, cryptocurrencies, in addition to ransomware attacks, is the only way to earn foreign money easily,” Kim Heung-kwang, a former computer science professor in North Korea who now heads a Seoul-based think tank North Korea Intellectual Solidarity, told The Investor. “The number of attacks will only increase in the future.” 


North Korea’s crypto history

North Korea’s interest in cryptocurrency dates back to 2013, years before the Bitcoin craze became mainstream worldwide.

In 2013, the US cybersecurity firm Secureworks spotted evidence of multiple usernames originating from a North Korean internet addresses researching on Bitcoins. It has been also reported that North Korea stole more than 100 million won (US$92,900) from Korean cryptocurrency exchanges from 2013-2015, according to Korean security firm Hauri.

The hacking activities came to the limelight when the price of Bitcoin started to skyrocket last year.

North Korea is thought to be behind attacking Korea’s largest exchange Bithumb last June, stealing the data of 36,000 users and cryptocurrencies worth around 7 billion won, according to the National Intelligence Service. Other exchanges fell victim to North Korea-linked hackers, including Coinis in September, which lost some 2.1 billion won, while Youbit was forced to shut down after a combined 22.7 billion won was stolen during the two attacks. 

Sources say North Korea already converted most of the Bitcoins into hard cash, before the price plummeted earlier this year, via unofficial channels such as casinos and the black market, in countries like China and Russia.

Up until now, North Korea’s core target was its southern neighbor. But that is due to change as North is zooming into exchanges all around the world. Earlier in January, Japanese cryptocurrency exchange Coincheck got US$530 million worth of coins stolen, with South Korea’s intelligence agency identifying North Korea as the likely culprit.

“As South Korean exchanges tighten security on their networks and the government impose stricter regulatory controls on cryptocurrencies, exchanges and users in other countries should be aware of the increased threat level from North Korean actors,” US cybersecurity firm Recorded Future said in the report.


North Korean elite, hacking the system

Kim, who taught at Hamheung Computer Technology University before defecting to South Korea in 2004, said the government-backed hackers, so-called cyber warriors, possess the full capacity -- in terms of size and hacking prowess -- to launch destructive exchange heists.

There are about 7,000 hackers in North Korea spread out under the country’s main intelligence agency Reconnaissance General Bureau, according to Kim. Lazarus Group, the infamous hacking operation that is thought to be backed by the agency, has been pointed to orchestrate some of the biggest cyberattacks in recent history. They include 2014’s Sony Pictures hack, the theft of US$81 million from the Bangladesh’s central bank in 2016 and most recently, “WannaCry” ransomware attack which infected 300,000 computers in more than 150 countries. North Korea, however, has repeatedly denied its involvement. 

“They are one of the elite in the society, made up of top engineers handpicked from major universities,” Kim said. “At the agency, they obtain hacking capabilities and receive intensive training for cyberwar. They are capable of mining cryptocurrencies as well.”

“North Korea’s cyber power has grown exponentially in recent years, easily surpassing South Korea’s capabilities, Its is ranked within seventh globally, when it comes to hacking and cyber operations,” said Lim Jong-in, professor at the Korea University Graduate School of Information Security. “Cryptocurrency exchanges, which have far weaker security features than most large banks and financial institutions, are vulnerable to such attacks.”

He called on exchanges to ramp up security and add safeguard features by hiring more security experts, as the exchange heist will only grow bigger and more damaging in the future.

Bithumb said it doesn’t have a separate security team focusing on North Korea. But the firm is tackling all security breaches through its security team -- made up of 20 to 30 experts. It is hiring more security talent to protect from hacking attacks in the future. 


But no mining

Earlier this year, a US cybersecurity firm AlienVault, said it found evidence of North Korea mining another Bitcoin-like virtual coin Monero using foreign computers and funneling it into the country through the state-run Kim Il Sung University.

Sources said North Korean hackers have been mining Bitcoins since last year, around the North Korean border and in countries like China and Russia.

But despite its mining capabilities, North Korea’s cryptocurrency activities will mostly focus on hacking, as it is “cost-effective,” according to experts.

“North Koreans can mine digital coins as well. But producing cryptocurrency is not cost-effective for North Korea as it requires large amounts of electricity and time. It doesn’t make sense for North Korea, which is suffering from power shortage, to earn coins through laborious work of mining,” said Chung Tae-jin, cyber-security professor at Pyeongtaek University. “Its cryptocurrency aim is to raise money to maintain its regime. So North Korea will focus more on hacking cryptocurrencies, instead of mining them.”

By Ahn Sung-mi (sahn@heraldcorp.com)