April 20, 2022 | Policy Brief

North Korean Hackers Stole $620 Million Worth of Cryptocurrency, FBI Finds

The FBI attributed a $620 million cryptocurrency theft to the North Korean hacking group Lazarus last week, while the Treasury Department sanctioned the digital wallet in which Lazarus had stashed the stolen funds. However, sanctioning the wallet alone is unlikely to prevent the hackers from laundering the funds back to the North Korean regime or deter them from future thefts.

Last month, Lazarus hackers breached Axie Infinity, a popular online video game that runs on blockchain technology, in which players use cryptocurrency to acquire creatures to use in the game’s battles. The hackers targeted the game’s underlying blockchain, compromising the software that lets users convert in-game tokens into cryptocurrencies usable outside the game.

The hackers stole 173,600 Ether and 25,500,000 USD Coins from players, speculators, and the company itself. An Ether is currently worth $3,118, while the price of a USD Coin is fixed at one dollar, bringing the total value of the stolen currency to roughly $620 million.

North Korean hackers have a long record of stealing money to prop up the Kim regime. Annual reports by the UN Panel of Experts assess that cybercrime is an “important source of revenue” for Pyongyang. The Lazarus group, for example, pocketed $81 million in 2016 after hacking the central bank of Bangladesh. The group almost got away with $1 billion, but a monitor noticed the theft in progress.

North Korean hackers have increasingly targeted cryptocurrency in part because digital wallets are easier to acquire than traditional bank accounts and because digital currency exchanges often have less stringent compliance procedures and less formidable cybersecurity than traditional financial institutions. In 2021 alone, North Korean hackers stole over $400 million, according to the blockchain data firm Chainalysis. With the additional $620 million from the Axie Infinity hack, North Korean hackers will have generated more than $1 billion in stolen cryptocurrency in less than two years.

While cyber policy debates over the past 18 months have focused on Russian and Chinese cyber espionage and the proliferation of Ransomware-as-a-Service providers harbored inside Russia, North Korea’s equally rapacious and adept activity threatens to undermine U.S. policy on the Korean Peninsula. Billions of dollars’ worth of illicit income can help North Korea weather international sanctions aimed at limiting Pyongyang’s “development and proliferation of its weapons of mass destruction and ballistic missiles,” as Treasury Secretary Janet Yellen said earlier this month.

To cut off North Korea’s access to stolen funds, the Biden administration will need to work with Congress and industry stakeholders to require tighter controls over cryptocurrency transactions and accounts. Broader adoption of traditional banking compliance regulations such as “know your customer” and anti-money laundering controls could prevent hackers from circumventing sanctions against individual cryptocurrency wallets. Moreover, requiring additional access controls such as multifactor authentication for digital wallets can add simple yet effective barriers to attempted thefts. These controls can also help ensure that the magnitude of any theft is limited.

Mark Montgomery serves as senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), where Trevor Logan is a cyber research analyst. They both contribute to FDD’s Center on Economic and Financial Power (CEFP). Follow Mark and Trevor on Twitter @MarkCMontgomery and @TrevorLoganFDD. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

