North Korea's connection to cryptocurrencies has been known for a long time. In September 2018, for example, analysts Lourdes Miranda and Ross Delston said that the government was using digital assets to circumvent sanctions. After all, coins are decentralised, which means no one can prohibit interaction with them at their discretion.

Apparently, nothing has changed since then.

How cryptocurrency hackers work

In a recent market study, Chainalysis added that after stealing funds, hackers launder the money in crypto and carefully “cover their tracks”. This is done so that the stolen cryptocurrencies can be transferred and withdrawn through centralised exchanges or other exchange services without arousing further suspicion.

The process of hiding the illicit activity involves exchanging ERC-20 tokens and other altcoins for Ethereum through a decentralised exchange. The resulting ETH is then passed through what is known as a mixer: special software that mixes the coins together before distributing them to other addresses, making it much harder to track the flow of funds on the blockchain. The next step is to exchange the coins for bitcoins, run them through a mixer again and withdraw them to new cryptocurrency wallets.


The withdrawn crypto-assets are then sent to centralised exchanges, predominantly in Asia. There, they are exchanged for real currency, which is withdrawn by bank and cash transfers. This strategy has been working well for several years now: in 2021 alone, more than 65 per cent of the stolen money was laundered this way.

According to Decrypt sources, there were only four major cyberattacks directly linked to North Korea in 2020. In the past two years, the amount of funds stolen has increased by around 40 per cent. Given the rapid rise in Bitcoin and Ethereum prices in the past year, North Korean hackers have successfully managed to “make money” from hacking crypto-platforms.


Incidentally, Bitcoin itself accounts for only a fifth of all funds stolen by North Koreans. 58 per cent of the dollar equivalent stolen came from Ethereum, with other tokens accounting for the rest. Chainalysis also determined that at least $170 million worth of cryptocurrencies were withdrawn to North Korea after 49 different cyberattacks between 2017 and 2021. These funds have “not yet been dealt with” by the government, meaning they remain in cryptocurrency wallets for now, where their dollar value also grows as the coins' capitalisation rises.

Here’s what experts say on the subject.

It is not known exactly why the hackers are still storing this money. Most likely, they hope that the tracking of the coins will gradually stop and they can be easily withdrawn.

So who is doing all this? Most of the cyberattacks are carried out by a group of hackers called the Lazarus Group. They are supervised by North Korea’s General Intelligence Bureau, experts say. The group came to light after major cyberattacks on Sony Pictures and the spread of malware called WannaCry. The experts continue.

Since 2018, this group of hackers has stolen and laundered a huge amount of virtual currencies worth well over $200 million.

North Korea puts a lot of emphasis on training its own cybersecurity experts

Chainalysis experts believe this trend is very dangerous, and in the coming years an entire country’s government could become a major threat to the crypto industry. Moreover, this threat will come not from prohibitions on the crypto-sphere, but from targeted interference in its processes and undermining crypto-projects for large-scale profits.


We believe that these expert statistics are once again a reminder of the importance of properly storing one's cryptocurrencies. Ideally, they should be kept away from centralised exchanges, which could be subject to hacking. The best security in the niche is still provided by hardware wallets: they store the private keys to addresses offline, which keeps them out of hackers' reach.