Cashed Up: North Korea's Secret Bitcoin Stash
Politics|Dec 15, 2017

Cashed Up: North Korea's Secret Bitcoin Stash

The 'Norks' Have Been Stealing Cryptocurrency To Fund Their Ailing Regime.
Nathan Harmond

Pyongyang’s elite has long been known to live lavishly, while North Korea’s government continues to be a pain in everybody’s collective arse. Like the naughty kid who refuses to eat dinner and therefore won’t get dessert, North Korea has received heavy economic restrictions — unless it eats dinner first. But like the obstinate fat kid who won’t give up on that slice of chocolate cake, or in the case of North Korea, missile tests, the pariah nation has found a way to bend the rules and feed its elite, hacking its way to a wealthy serving of other people’s money. 

A recent report from security research firm FireEye suggests that North Korean actors hacked a South Korean cryptocurrency exchange — a digital marketplace where traders can buy and sell bitcoins using different fiat currencies — to steal cryptocurrency, a digital or virtual currency that uses complex encryption for security.

Unlike hard cash, cryptocurrency is not issued by any central government, thus rendering North Koreans impervious to international economic restrictions if they are able to acquire it. The anonymous nature of cryptocurrency transactions makes it well suited for these types of nefarious activities, and North Korea has long been known to possess cyber-espionage capabilities. 

While North Korea hasn’t been caught red-handed, FireEye strongly suspects the hacks to be coming from the hermit kingdom. The hacking methods used are linked to North Korean actors [operatives? agents] suspected to be responsible for intrusions into global banks in 2016. 

“In 2016 we began observing actors we believe to be North Korean utilising their intrusion capabilities to conduct cyber-crime, targeting banks and the global financial system… since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds,” wrote Luke McNamara, a senior cyber threat intelligence analyst at FireEye.

It’s unsurprising that someone is trying to steal cryptocurrency, especially given its rise in popularity in recent months. North Korea has previously been involved in a number of money-laundering schemes, including gold smuggling, counterfeiting foreign currency and even operating state-run restaurants in other countries, and this is likely another cash grab. 

While there are legitimate ways to acquire cryptocurrency North Korea doesn’t seem interested and would rather steal it. It’s unsurprising that a regime which in many ways acts like a criminal enterprise is now willing to engage in financial crime. 

“We definitely see sanctions being a big lever driving this sort of activity,” said FireEye’s McNamara in a report on Bloomberg. “They probably see it as a very low-cost solution to bring in hard cash.”

By compromising an exchange, as McNamara has suggested, as opposed to individual accounts, they can potentially “move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies… to withdraw them in fiat currencies such as the South Korean won, US dollars, or Chinese renminbi.” 

Aside from narcotics and counterfeit currency, knock-off pharmaceuticals and cigarettes contribute to the illicit income of North Korea and might be adding as much as $1 billion to the coffers of Pyongyang’s elite every year.