North Korea’s Cryptocurrency Heists: A Strategic Shift in Pursuit of Foreign Currency


In March 2022, a senior software engineer at a gaming company in Singapore found themselves unwittingly entangled in a complex web of international intrigue. The engineer, seeking better prospects due to the challenging situation at their current company, Sky Mavis, makers of the popular play-to-earn game Axie Infinity, received what seemed to be a promising job offer. Little did they know that clicking on a seemingly innocent PDF would set off a chain of events leading to one of the most significant heists in history, not just in the realm of cryptocurrency but in any field.

The PDF, supposedly containing salary details for the job offer, was a fake, meticulously crafted by North Korean hackers. With this malicious ploy, they gained access to Sky Mavis’s private keys – the cryptographic access codes crucial for controlling the company’s cryptocurrency accounts. In a swift move, the hackers siphoned off approximately $600 million in cryptocurrency, marking a colossal breach that echoed the growing trend of North Korea turning to cybercrime, particularly cryptocurrency theft, as a primary source of income.

This strategic shift can be traced back to 2017, when North Korea faced unprecedented challenges in securing foreign currency. International sanctions, imposed in response to leader Kim Jong-un’s provocative missile tests, severely limited the country’s ability to engage in traditional trade. The United Nations aimed to cut off North Korea’s access to foreign currency, making it more challenging for the regime to fund its nuclear weapons and missile programs. Faced with this financial blockade, North Korea turned to unconventional methods to generate income.

One such method involved trading coal, a resource the country has in abundance. Ships carrying North Korean coal would disappear off the map, only to reappear later having engaged in ship-to-ship transfers, potentially sidestepping sanctions and trading with countries like Russia and China. Smuggling illegal goods, including heroin, methamphetamines, gold bars, and guns, through their embassies became another avenue for income. Additionally, North Korean citizens were sent abroad to work in high-paying industries, with their earnings sent back to the government.

However, these schemes proved challenging to maintain and yielded relatively modest returns. Seeking more lucrative opportunities, North Korea turned to cybercrime, with a particular focus on cryptocurrency theft. The infamous WannaCry virus, developed in 2017, marked one of its early attempts to raise revenue through cybercrime. While not as financially successful as hoped, it laid the groundwork for a more significant and sustained effort to exploit the vulnerabilities of cryptocurrency exchanges.

Cryptocurrency exchanges, unlike traditional banks, operate in a largely unregulated and often insecure environment. The absence of robust security measures made them susceptible to North Korea’s hacking activities. Senior employees at these exchanges became unwitting targets, lured by fake job offers. Once inside, North Korean hackers executed heists, amassing staggering sums of money.

In 2022, North Korea’s hacking gang was responsible for half of all cryptocurrency theft globally, raking in an astonishing $1.65 billion. This sum surpassed the global revenue from ransomware, making cryptocurrency theft North Korea’s primary form of foreign currency income. The influx of funds enabled Kim Jong-un to escalate missile launch tests, conducting 121 rocket tests in 15 months.

The situation has raised concerns about the potential sale of North Korean weapons to other nations, with speculation that Kim may be supporting Russia’s war in Ukraine. This shift in strategy poses significant challenges to global security, as cryptocurrency exchanges remain vulnerable to exploitation.

The current lack of a comprehensive plan to address these vulnerabilities underscores the urgent need for regulatory measures and enhanced security protocols in the cryptocurrency space. As North Korea continues to exploit the unregulated nature of cryptocurrency exchanges, the international community must devise effective strategies to curb cybercriminal activities, safeguard financial systems, and mitigate the potential repercussions of nations financing illicit activities through digital means.