Hackers sponsored by North Korea have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrencies from around the world since 2017, according to an AP News report citing South Korea's main spy agency, the National Intelligence Service (NIS).

The NIS believes that North Korea is among the best in the world when it comes to stealing crypto as the country turned its focus on cybercrime after U.N. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.

In a statement announcing the launch of the NIS Cyber Cooperation Center on Thursday, the agency said North Korean hackers were specifically targeting decentralized finance (DeFi) platforms, earning 800 billion won ($626 million) this year alone through ransomware and other hacking threats. Of that sum, a reported $78 million has come from South Korea.


South Korea was also exposed to various attacks in the Web3 space, including the metaverse and non-fungible tokens (NFTs), the NIS said, with as many as 1.18 million attacks by national and international hacking organizations blocked in November this year.

Crypto funding North Korea

North Korea is reportedly using the stolen crypto to help fund its nuclear and missile programs, according to local news agency Yonhap. In February, a United Nations report also indicated that the hermit kingdom's missile programs rely heavily on revenue from cyberattacks.

The U.S. Treasury Department also cited Tornado Cash's role in assisting these state-sponsored cyberattacks when banning Americans from using the Ethereum coin mixer in August.

Last month, the Feds updated their sanctions against the protocol, taking into account “additional information” the Ethereum mixing tool allegedly played in supporting DPRK’s activities.

Infamous North Korea’s state-sponsored cybercriminal group Lazarus was connected to a $622 million hack of Sky Mavis’s Ethereum sidechain Ronin in March this year.


Lazarus was the lead suspect in a $100 million raid on Harmony’s Horizon bridge, a cross-chain bridge connecting Harmony to Ethereum, Binance Chain, and Bitcoin.

The NIS said North Korea has ramped up its cyber threats and other online attacks in protest of international sanctions on its nuclear and missile programs.

The agency also warned that North Korean hackers are expected to conduct more cyberattacks next year to steal advanced South Korean technologies and confidential information on South Korean foreign policy and national security.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.