Why are North Korean hackers such good crypto thieves?

The Economist, May 26, 2025, 11:19 a.m.

They recently pulled off the world’s largest cyber-heist

February 21 was a typical day, remembers Ben Zhou, the boss of Bybit, a Dubai-based cryptocurrency exchange. Before going to bed, he approved a fund transfer between the firm’s accounts, a “typical maneuver” performed while serving more than 60m users around the world. Half an hour later he got a phone call. “Ben, there’s a problem,” his chief financial officer said, his voice shaking. “We might be hacked … all the Ethereum is gone.”

Independent investigators and America’s Federal Bureau of Investigation (FBI) soon pointed the finger at a well-known culprit: North Korea. Hackers from the hermit kingdom have established themselves as one of the biggest threats to the crypto industry and as an important source of income for Kim Jong Un’s regime, helping it to withstand international sanctions, pamper its elite and finance its missile and nuclear weapons programs. In 2023, North Korean hackers made off with a total of $661 million, according to Chainalysis, a crypto investigation firm; they doubled that amount in 2024, snapping up $1.34 billion across 47 separate heists, equivalent to more than 60% of the global total of stolen crypto. The Bybit operation indicates a growing degree of skill and ambition: in a single hack, North Korea swiped the equivalent of $1.5 billion from the exchange, the largest heist in the history of cryptocurrency.

North Korea’s looting is the payoff of a decades-long effort. The country’s first computer science schools date back to the 1980s. The Gulf War helped the regime recognize the importance of networking technology for modern warfare.
Talented math students were placed in special schools and had their compulsory annual rural labor postponed, says Thae Yong Ho, a senior North Korean diplomat who defected in 2016. North Korea’s cyber forces envisaged in mid-2016. Mr. Kim calls cyberwarfare ‘an everyday sword’.

Stealing crypto involves two main phases. The first is to breach the target’s systems, the digital equivalent of finding an underground passage to a bank’s vaults. Phishing e-mails can insert malicious code. North Korean operatives pose as recruiters and get software developers to open infected files during fake job interviews. Another approach involves using false identities to get hired for remote IT work at foreign enterprises, which may be a first step in accessing accounts. “They have become very good at finding vulnerabilities through social engineering,” says Andrew Fierman of Chainalysis. In the Bybit case, hackers compromised the computer of a developer working for a digital wallet supplier.

Once stolen, the cryptocurrency must be laundered. Dirty money is spread across various digital wallets, combined with clean funds and transferred between different cryptocurrencies, processes known in the industry as “mixing” and “chain hopping”. “They are the most sophisticated crypto-launderers we’ve ever encountered,” says Tom Robinson of Elliptic, a blockchain analytics firm. In the end, the stolen funds must be cashed out. A growing variety of underground services, closely linked to Chinese organized crime, can help with this. Fees and interdictions by law enforcement reduce the total take, but North Korea can expect to receive “definitely 80%, maybe 90%” of the funds it steals, says Nick Carlsen, a former FBI analyst with TRM Labs, a blockchain intelligence firm.

North Korea has several strengths. One is talent.
It may seem counterintuitive: the country is desperately poor and ordinary citizens have severely limited access to the internet or even computers. But “North Korea can take the best minds and tell them what to do,” says Kim Seung-joo of the School of Cybersecurity at Korea University in Seoul. “They don’t have to worry that they’re going to work at Samsung.” A team from a North Korean university came eighth in the International Collegiate Programming Contest in 2019, beating those from Cambridge, Harvard, Oxford and Stanford.

Those talents are also exploited. North Korean hackers work all the time. They are exceptionally fierce when they strike. Most state actors try to avoid diplomatic setbacks and “work as if they are in Ocean’s 11: white gloves, come in without anyone paying attention, steal the crown jewel, come out without being noticed,” says Jenny Jun of the Georgia Institute of Technology. North Korea does not place a premium on secrecy – they are not afraid to be hard.

For the North Korean regime, stolen crypto has become a lifeline, especially as international sanctions and the Covid-19 pandemic have cut its already limited trade. Crypto theft is a more effective way to earn hard currency than traditional sources, such as overseas laborers or illegal drugs. The United Nations Panel of Experts (UNPE), a monitoring body, reported in 2023 that cyber-theft constitutes half of North Korea’s foreign currency revenue. North Korea’s digital looting last year was worth more than three times the value of its exports to China, its most important trading partner. “You take what has taken millions of laborers, and you can repeat it with the work of a few dozen people,” says Mr. Carlsen.

Those funds prop up the regime. Hard currency is used to purchase luxury goods to keep the elite in line. It probably also funds weapons. The majority of North Korea’s stolen crypto is believed to flow into its missile and nuclear weapons programs.
Cryptocurrency investigators are getting better at tracing stolen funds along the blockchain. Mainstream cryptocurrency exchanges and issuers of stablecoins often work with law enforcement to freeze stolen funds. In 2023, America, Japan and South Korea announced a joint effort aimed at countering North Korean cybercrime. America has sanctioned several “mixing” service providers that North Korea used.

Yet the authorities remain a step behind. After America sanctioned North Korea’s favorite mixers, the hackers switched to others offering similar services. To tackle the problem, multilateral efforts by governments and the private sector are needed, but such collaboration has been faltering. Russia used its UN veto last year to sink the UNPE. President Donald Trump’s cuts to US development aid have hit programs aimed at building cyber security capacity in vulnerable countries.

By contrast, the North Korean regime is throwing more resources at cybercrime. South Korea’s intelligence services believe its cybercrime force has grown from 6,800 people in 2022 to 8,400 last year. As the crypto industry expands in countries with weaker regulatory oversight, North Korea has an increasingly “rich target environment”, says Abhishek Sharma of the Observer Research Foundation, an Indian think-tank. Last year, Mr. Sharma notes, North Korea attacked exchanges in India and Indonesia.

North Korea is already known to use artificial intelligence in its activities. AI tools can help make phishing e-mails more convincing and easier to produce in many languages at scale. They can also make it easier to infiltrate businesses as remote technical workers. Bad days like Mr. Zhou’s may become increasingly typical.