The nosedive in cryptocurrency markets has wiped out millions of dollars in funds stolen by North Korean hackers, four digital investigators say, threatening a key source of funding for the sanctions-stricken country and its weapons programmes.
North Korea has poured resources into stealing cryptocurrencies in recent years, making it a potent hacking threat and leading to one of the largest cryptocurrency heists on record in March, in which almost $615 million was stolen, according to the U.S. Treasury.
The sudden plunge in crypto values, which started in May amid a broader economic slowdown, complicates Pyongyang’s ability to cash in on that and other heists, and may affect how it plans to fund its weapons programmes, two South Korean government sources said. The sources declined to be named because of the sensitivity of the matter.
It comes as North Korea tests a record number of missiles – which the Korea Institute for Defense Analyses in Seoul estimates have cost as much as $620 million so far this year – and prepares to resume nuclear testing amid an economic crisis.
Old, unlaundered North Korean crypto holdings monitored by the New York-based blockchain analytics firm Chainalysis, which include funds stolen in 49 hacks from 2017 to 2021, have decreased in value from $170 million to $65 million since the beginning of the year, the company told Reuters.
One of North Korea’s cryptocurrency caches from a 2021 heist, which had been worth tens of millions of dollars, has lost 80% to 85% of its value in the last few weeks and is now worth less than $10 million, said Nick Carlsen, an analyst with TRM Labs, another U.S.-based blockchain analysis firm.
A person who answered the phone at the North Korean embassy in London said he could not comment on the crash because allegations of cryptocurrency hacking are “totally fake news.”
“We didn’t do anything,” said the person, who would only identify himself as an embassy diplomat. North Korea’s foreign ministry has called such allegations U.S. propaganda.
The $615 million March attack on blockchain project Ronin, which powers the popular online game Axie Infinity, was the work of a North Korean hacking operation dubbed the Lazarus Group, U.S. authorities say.
Carlsen told Reuters that the interconnected price movements of different assets involved in the hack made it difficult to estimate how much North Korea managed to keep from that heist.
If the same attack happened today, the Ether currency stolen would be worth a bit more than $230 million, but North Korea swapped nearly all of that for Bitcoin, which has had separate price movements, he said.
“Needless to say, the North Koreans have lost a lot of value, on paper,” Carlsen said. “But even at depressed prices, this is still a huge haul.”
The United States says Lazarus is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. It has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment.
Analysts are reluctant to provide details about what types of cryptocurrency North Korea holds, which might give away investigation methods. Chainalysis said that Ether, a common cryptocurrency linked to the open-source blockchain platform Ethereum, was 58%, or about $230 million, of the $400 million stolen in 2021.
Chainalysis and TRM Labs use publicly available blockchain data to trace transactions and identify potential crimes. Such work has been cited by sanctions monitors, and according to public contracting records, both firms work with U.S. government agencies, including the IRS, FBI and DEA.
North Korea is under widespread international sanctions over its nuclear programme, giving it limited access to global trade or other sources of income and making crypto heists attractive, the investigators say.
