Buy CGT/Claim
Follow On Google News

Is North Korea a safe haven for Crypto Hackers?

11 Jul 2022 By : Pankaj Gupta
Is North Korea a safe haven for Crypto Hackers?

The only dark country in nighttime satellite photos of East Asia is North Korea which is one of the last officially Communist countries in the world. Although it is extremely challenging for outsiders to comprehend what is happening inside of North Korea, North Korean citizens find it much more difficult to get knowledge about the outside world as internet connectivity is available to less than 1% of North Koreans.

At first look, it seems absurd, that North Korea's government has given rise to some of the world's best hackers. However, North Korea poses a serious and expanding threat to cybersecurity. Imagine a secret group of hackers operating within the country. There may be a secret army of hackers operating within the country.

The cryptocurrency industry has long been troubled by thefts and Hacks. While some hacks were intended to steal information, others were meant to alert networks to security flaws. North Korea is often mentioned in the many hacks that have occurred throughout the years in many industries. The nation has been operating the Lazarus Group, a government-sponsored hacking group.

The same group shifted their focus to the crypto-verse. According to reports, the recent hacking of Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge was carried out by the same Lazarus Group.

Rise of Lazarus Group

Lazarus has a very long Timeline of Hacks. Since 2009, Lazarus has maintained a strong online community. In 2014, its most well-known hack took place. The target was Sony Pictures Entertainment. The Lazarus group hacked Sony Pictures after the release of the movie “The Interview”.Sony asserts that the hack resulted in damages to the company of $15 million(₹189 million). Large volumes of data were stolen during the attack and later released separately. During the hack, a huge amount of data was stolen and eventually leaked independently.

In February 2016, The Lazarus Group successfully raided Bangladesh Bank. Nearly the entire $951 million amount of the Bangladesh Bank's New York Fed account was transferred by hackers. The hackers had plenty of time to prepare, similar to the Sony attack.

It was then determined that they had been exploiting Bangladesh Bank's computer systems for a year. After sending an email with an application to numerous Bangladesh Bank workers. When a member of staff opened the email and downloaded the malicious files, the bank was attacked.

One of the largest cryptocurrency thefts ever occurred when an estimated $615 million(₹ 48 billion) worth of bitcoin was taken from the blockchain project Ronin's infrastructure.

The group claimed that on March 23, unidentified hackers stole roughly 173,600 ether tokens and 25.5 million USD Coin tokens. At the time of the occurrence, the stolen money was only worth roughly $540(₹ 48 billion) million; today, it is worth $615 million(₹ 48 billion)

Furthermore, many blockchain security companies think that the Lazarus Group was also responsible for the Harmony attack. The Horizon Bridge in Harmony was looted of $100 million. Several bitcoin exchanges that the North Koreans had hacked. Bithumb, an exchange in Seoul, was successfully raided four times—a shocking breach in security.

There is a widely cited estimate of how many there are, which is 6,000. This estimate was derived through a study of the evidence of North Korean defectors. Because North Korea prohibits the use of laptops and the Internet, the North Korean authorities cannot rely on hackers in hoodies in bedrooms or teenagers who just browse YouTube to teach these individuals. 

North Korea has produced all of its computer hackers through the educational system. The dictatorship has identified them and is preparing them to enter prestigious universities and develop their talents. Either the nuclear programme or government hacking will need a lot of work.

How Lazarus is exploiting Crypto Market?

Numerous breaches in recent years have demonstrated that hackers are more interested in the domain of cryptocurrency. Although we often don't know who the criminals are, there is one such group that everyone refers to The Lazarus Group, a North Korean cyber group supported by the government.

In 2020–2021, the cryptocurrency market saw a significant transformation. In this period, North Korean hackers allegedly gained control of and conducted seven additional attacks on these platforms to aid in funding their nuclear development, according to a UN assessment. One of the main ways that the nation generates income digitally is through cryptocurrency, but all of these transactions are fraudulent because of severe international sanctions.

The cybercrime operation of North Korea uses a variety of strategies, including ransomware deployment, bank robberies, and cryptocurrency exchange theft. It appears that North Korea may be employing a pattern in the situation of Cryptocurrencies. 

Bridges appear to have become easy pickings for these hackers. These hacks have also had some additional similarities. The majority of exploits begin with social engineering, which involves enticing unsuspecting employees to open a file. They frequently go after bridges. Bridges act as a sort of crucial link between cryptocurrencies.

Lancarus are behind many Crypto attacks in which they targeted bridges such as the Axie Infinity's Ronin Bridge attack and Harmony's Horizon Bridge attack.

Normally, North Korean hackers use phishing attempts to access international cryptocurrency wallets, trojanized cryptocurrency applications, luring victims with fake sites or other traps. By convincing the user to click on a phishing link, which would then either infect a website or download and install crypto-mining software on their computer, they can use other people's systems to earn cryptocurrency for them.

It's possible that you might be accidentally generating Cryptocurrencies for hackers.  Read our blog post on "How to prevent hackers from intruding on your crypto" to know how to keep hackers out of your cryptocurrency wallet. Additionally, to learn more about cryptocurrency hacking and the methods used? You can read our blog post on Blockchain Hacking and why are cryptocurrency threats rising so quickly?

Converting the cryptocurrency to cash is the last step. The funds are then transferred by the hackers using a complex set of financial tools, passing via cryptocurrency "mixers" that blend different streams of digital assets to make it more difficult to trace the movement of a specific batch of cryptocurrencies.

Why is it safe for Hackers?

North Korea has been developed as a booming field of cyberattacks due to official encouragement and support, which is used for both classic surveillance and to replenish the country's dismal finances. National interest or more specifically the interest of the regime of Kim Jung-un takes precedence, therefore North Korean hackers have nothing to worry about in their own country.

North Korea faces the minimal threat of being a target of its own hackers when they unleash destructive cyberattacks because the majority of the population remains offline. It is a low-cost, low-risk, but high-return criminal industry for North Korea.        

Unlike terrorist organisations, North Korea's cybercriminals do not take credit for their crimes, and the government always denies them.

To advance the development of North Korea's nuclear weapons and to improve their financial system, North Korea performs cryptocurrency hacking. It was revealed that these hackers perform 16-hour shifts beginning at six in the morning. According to reports, the hackers are sent to nations like Russia and China for specialized training in cyberwarfare. 

Furthermore, it would be very difficult to charge these hackers even with the assistance of the FBI and other national security organizations. Getting your hands on stolen money is definitely out of the question.

To make up for the COVID-19 pandemic-related economic slowdown and, more concerningly, to sustain its nuclear and missile projects, North Korea has engaged in cryptocurrency mining and heists.

However, a study on sanctions against North Korea by a United Nations team of experts in 2019 estimated that the nation had made two billion dollars through cybercrime. There is abundant evidence that North Korea's internet threat has become more advanced and aggressive since the report was issued.


Despite the current market dip, North Korea has been leading in cryptocurrency crime with its illegal hoarding of coins and tokens. Blockchain will draw North Korean hackers in the next years given that blockchain networks have already had several breaches and vulnerabilities. 

North Korean hackers have nothing to fear within their borders, so it is expected that the rest of the world will not be rid of Lazarus for a long time.

The crypto-verse might be in real trouble if attacks like this from a platform backed by the government continue to be successful. Therefore, Countering North Korea's cryptocurrency operations is crucial if we want to restore public trust in the DeFi system and stop the country from developing nuclear weapons.