North Korean hackers have stolen the equivalent of billions of dollars in recent years and the nation is seeking to amass even greater wealth through illicit means, experts told DW.
Hackers belonging to the Lazarus Group — a notorious North Korean crypto theft ring — stole a record $1.5 billion (some €1.37 billion) in digital tokens from Dubai-based cryptocurrency exchange Bybit in late February. The company said the hackers had accessed its digital wallet for Ethereum, the second-largest electronic currency after Bitcoin.
Binance News, a new platform operated by cryptocurrency exchange firm Binance, reported last month that North Korea now has some 13,562 Bitcoins, the equivalent of $1.14 billion. Bitcoin is the world’s oldest and best known cryptocurrency, often compared with gold due to its alleged resistance to inflation. Only the US and Great Britain have greater reserves of the currency, Binance News said, citing crypto data provider Arkham Intelligence.
“Let’s not mince words — [North Korea] achieved this through theft,” Aditya Das, an analyst at cryptocurrency research firm Brave New Coin in Auckland, New Zealand, told DW.
“Global policing agencies like the FBI have publicly warned that North Korean state-sponsored hackers are behind numerous attacks on cryptocurrency platforms,” he added.
Hackers use social engineering against crypto firms
Despite those warnings, however, crypto firms are still being robbed and North Korean hackers are becoming increasingly sophisticated, the analyst said.
“North Korea employs a wide range of cyberattack techniques, but they’ve become especially known for their skill in social engineering,” said Das.
“Many of their operations involve infiltrating employee hardware, then using that access to breach internal systems or lay traps from the inside.”
The hackers’ primary targets are crypto startups, exchanges and decentralized finance (DeFi) platforms due to their “often under-developed security protocols,” he said.
Recovery of funds ‘extremely rare’
Elite North Korean hackers tend to take their time when infiltrating a legitimate global organization, often by impersonating venture capitalists, recruiters or remote IT workers to build up trust and breach firms’ defenses.
“One group, Sapphire Sleet, lures victims into downloading malware disguised as job applications, meeting tools or diagnostic software — essentially turning victims into their own attack vectors,” Das said.
Once crypto has been stolen, Das says recovery is “extremely rare.” Cryptocurrency systems are designed to make transactions irreversible and striking back against North Korean operatives “is not a viable option because these are nation-state actors with top-tier cyber defenses.”
Kim Jong Un’s regime ‘saved’ by cryptocurrency theft
Park Jung-won, a professor of law at Dankook University, said North Korea previously relied on risky transactions — such as smuggling narcotics and counterfeit goods or supplying military instructors to African nations — to earn illicit funds.
The legal expert says the advent of cryptocurrency “has been a huge opportunity” for dictator Kim Jong Un.
“It is probably fair to say that given the way the world was cracking down on Pyongyang’s smuggling efforts, crypto has saved the regime,” Park told DW. “Without it, they would have been completely without funds. They know that and they have invested heavily in training the best hackers and getting them up to a very high level of skill.”
“The money that they are stealing is going straight to the government and the assumption is that it is being spent on weapons and greater military technology as well as the Kim family,” according to Park.
North Korea immune to international pressure
Park does not believe that outside pressure would force North Korea to end hacking attacks.
“For Kim, the survival of his dynasty is the most important priority,” the law professor said.
“They have become accustomed to this source of revenue, even if it is illegal, and they will not change,” he added. “There is no reason for them to suddenly start abiding by international law and there is no way to apply more pressure.”
Das agrees there are few tools available to influence North Korea. He says companies need to do everything in their power to avoid becoming the next victim.
“Best practices like secure-by-design smart contracts, constant internal verification and social engineering awareness are essential if the industry wants to stay ahead,” he said.
Crypto firms need universal security standards
There’s growing momentum for sector-wide information sharing which would help crypto firms detect North Korean tactics and avert attacks, but Das warns that crypto remains “fragmented” because there is no universal security standard. Also, North Korean hackers are good at turning security tools against their users, according to the analyst.
“In the Bybit case, the attackers exploited Safe, a multi-signature wallet system meant to enhance security. Ironically, this added security layer became the very exploit they used,” he said.
And in practice, Das added, “some firms still treat security as an afterthought.”
“From my experience, teams often prioritize shipping fast over building secure systems and until that changes, the space will remain vulnerable,” Das said.
Edited by: Darko Lamel