Special envoys for the Democratic People's Republic of Korea (DPRK) from the United States, Japan, and South Korea have expressed grave concerns about the country's growing nuclear program.
The envoys noted that North Korea's overseas workers, including IT specialists engaged in "malicious cyber activities," are a major factor in the regime's ability to finance its weapons programs through the theft and laundering of funds, including cryptocurrencies, per an AFP report.
According to estimates from crypto analytics firm Chainalysis, North Korea-linked hackers stole a record $1.7 billion in cryptocurrency last year alone. Diplomats said on Friday that they are "deeply concerned about how the DPRK supports these programs by stealing and laundering funds as well as gathering information through malicious cyber activities."
Chainalysis VP of investigations Erin Plante confirmed to Decrypt that "North Korea-linked hackers have been by far the most prolific cryptocurrency hackers over the last few years. In 2022, they shattered their own records for theft, stealing an estimated $1.7 billion worth of cryptocurrency across several hacks we’ve attributed to them, up from $428.8 million in 2021."
Despite United Nations Security Council Resolution 2397, which mandated the repatriation of overseas North Korean workers by all UN member states, many of these individuals continue to work abroad.
"Overseas DPRK IT workers continue using forged identities and nationalities to evade UNSC sanctions and earn income abroad that funds the DPRK's unlawful weapon of mass destruction and ballistic missile programs," the envoys said in a joint statement Friday.
Hacker groups take aim at crypto
North Korean hackers have long been accused of using cryptocurrencies to generate revenue for the country.
Last year’s report from cybersecurity firm Mandiant said that North Korean cybercriminals are targeting jobs listed on platforms such as LinkedIn and Indeed to plagiarize resumes and other people’s profiles to land remote work at crypto firms.
Among the high-profile attacks attributed to North Korean hackers was the 2018 theft of $530 million worth of cryptocurrency from the Japanese crypto exchange Coincheck. In what was one of the largest cryptocurrency heists in history, the hackers reportedly used malware to gain access to the exchange's systems and steal the funds.
"North Korea’s total exports in 2020 totaled $142 million worth of goods, so it isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy," said Chainalysis' Plante.
The Lazarus Group, a notorious hacking group believed to be sponsored by the North Korean government, is allegedly responsible for carrying out a number of high-profile cyber attacks against various targets, including banks, governments, and crypto exchanges.
Known for its use of sophisticated techniques in its attacks, including malware and spear-phishing campaigns, Lazarus was earlier this year identified by the FBI as the main culprit behind the $100 million hack of Harmony Protocol in June 2022.
In November last year, the U.S. Treasury Department revised its sanctions on Tornado Cash, an Ethereum coin mixer, highlighting its role in aiding malicious cyber activities that support the DPRK's weapons of mass destruction program.
Lazarus, according to U.S. authorities, used Tornado Cash as a primary tool to conceal stolen funds.
"The cooperation between law enforcement agencies and crypto experts, combined with the efforts of agencies like OFAC to cut off hackers’ preferred money laundering services from the rest of the crypto ecosystem, means that these hacks will get harder and less fruitful with each passing year," Plante told Decrypt.