North Korea’s Cyber Army stole $3 billion in crypto to fund nuclear program.
A state-sponsored cyber army from North Korea has stolen $3 billion in cryptocurrencies, with 50% of the funds being used to finance the country’s ballistic missile program, according to an analysis by The Wall Street Journal. Over the past five years, North Korean hackers have netted more than $3 billion from crypto thefts. The stolen funds have been supplying approximately half of North Korea’s ballistic missile program, with defense accounting for a significant portion of the country’s expenditure.

North Korean hacking groups are behind a huge portion of illicit cyber activity, as well as some of the biggest crypto heists ever. For instance, the North Korean Lazarus group is believed to be responsible for the hack of Axie Infinity’s Ronin blockchain, in which hackers made off with about $625 million worth of Ethereum and USDC in one of the largest crypto hacks of all time.

The big crypto thefts have caught the attention of the US government, which has intensified its focus on countering such attacks. In April, the US Treasury revealed that North Korean hackers and scammers exploit loopholes in the decentralized finance (DeFi) space to launder money and hide criminal activity.
North Korean Hackers Shift Focus to Generating Cash
North Korea’s focus has moved from espionage or attack capabilities for traditional geopolitical purposes to generating cash. Its hackers have also become more technically proficient. It is believed that thousands of IT workers, including government officials and freelance Japanese blockchain developers, who form part of a ‘shadow workforce,’ are linked to the regime’s cybercrime operations.

International experts have long alleged that North Korea sources funds through a digital bank-robbing army to evade harsh sanctions. The North Koreans’ focus on cyber theft has resulted in heists like the $81 million stolen from the central bank of Bangladesh in 2016. North Korea has also made over $100,000 from a quickly spreading worm called WannaCry, but nothing has been as profitable as their string of attacks on crypto, which began in earnest in 2018.

More recently, hackers linked to North Korea pulled off a cascading supply-chain attack, breaking into software makers one at a time and corrupting their products to gain access to the computer systems of their customers. Security researchers have said that this was a first-of-its-kind attack, with Trading Technologies as the first victim. A corrupted version of Trading Technologies’ product was subsequently downloaded by an employee of 3CX, a software development company. The North Koreans then used access to 3CX systems to corrupt that firm’s software. From there, the North Koreans attempted to break into 3CX customers, including cryptocurrency exchanges, the WSJ report said.