North Korea’s Cybercrime and the Cryptocurrency Sector
North Korea’s ongoing cybercrime efforts have left the cryptocurrency sector increasingly apprehensive for several years. However, recent developments suggest a significant shift may be on the horizon, as indicated by the Ethereum Foundation. In a recent blog entry, the Swiss nonprofit revealed that its collaboration with blockchain security organizations led to the exposure of about 100 IT professionals tied to the Democratic People’s Republic of Korea (DPRK) over the course of six months.
ETH Rangers Program and Vulnerability Discovery
The foundation’s ETH Rangers Program played a pivotal role in identifying these personnel and also uncovered numerous vulnerabilities across the crypto landscape, prompting multiple incident responses. This effort highlights the human cost of the struggle against North Korean cyber activity, which remains a considerable threat.
Estimates and Research Findings
A United Nations report from earlier this year estimated that North Korea has sent between 3,000 and 10,000 IT specialists abroad, with a concerning count of approximately 1,500 currently in China. There are also intentions to deploy more workers to Russia. Research financed by the Ethereum Foundation pinpointed North Korean operatives working within approximately 53 cryptographic projects aimed at facilitating the regime’s next cyber heist.
The Ketman Project and Operational Security
The discoveries were part of the Ketman Project, which partnered with the Security Alliance (SEAL) to create a framework for detecting DPRK-linked labor. The Ethereum Foundation stated,
“This work addresses one of the crucial operational security threats confronting the Ethereum ecosystem today.”
Notably, blockchain investigator Nick Bax leveraged the ETH Rangers Program to alert over 30 teams regarding the presence of DPRK employees on their payrolls, which ultimately aided in freezing hundreds of thousands of dollars in cryptocurrency meant for malicious actors.
Record Theft and Ongoing Threats
In a staggering report published by blockchain security firm Chainalysis, it was revealed that North Korean hackers had committed a record $2 billion theft in cryptocurrencies last year—a 51% increase from the previous year’s figures. These hackers are known for infiltrating various services to gain unauthorized access, which poses a grave security risk to financial systems.
Recent Incidents and Legal Actions
The recent theft of $285 million from Drift Protocol highlighted these persistent fears following a protracted social engineering attack attributed to North Korean cybercriminals. Meanwhile, North Korea observed the birthday of its founding leader, Kim Il Sung, but the day was marked by distressing news from the U.S.
The Justice Department announced the sentencing of two U.S. citizens who had assisted North Korean operatives in impersonating Americans to infiltrate approximately 100 companies. Each individual received a prison term of no less than seven years after pleading guilty to charges of wire fraud and conspiracy to commit money laundering. They were found to have facilitated the transfer of millions of dollars from targeted U.S. businesses, receiving $700,000 in return for their services. However, the DOJ also indicated that eight other individuals involved in the scheme remain uncaptured.
