North Korea’s Crypto Crime Spree: A 2025 Overview
The Scale of the Problem
A report from the Multilateral Sanctions Monitoring Team (MSMT), comprised of the U.S., Japan, Germany, France, Canada, Australia and other Western nations, reveals the staggering sums North Korea has pilfered from the crypto sphere. Since January 2024, the DPRK has allegedly stolen $2.84 billion in cryptocurrency, with “at least” $1.65 billion taken between January and September alone. This illicit revenue stream is primarily channelled into the nation’s weapons programs, from armoured vehicles to advanced missile systems.
The infamous February 2024 Bybit hack contributed significantly to this total. But beyond these headline-grabbing heists, the MSMT report exposes a more insidious strategy: the DPRK’s widespread use of remote IT workers to generate revenue in violation of UN Security Council Resolutions.
The IT Worker Programme: A Covert Operation
Despite international sanctions forbidding the employment of North Korean nationals, the DPRK has infiltrated the labour markets of at least eight countries, including China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania. Before geopolitical changes reduced these figures, reports indicated that between 1,000 and 1,500 DPRK workers were based in China, with plans to deploy as many as 40,000 workers to Russia. These IT workers, often posing as foreign nationals, engage in various activities, including software development, website creation, and mobile app development, all while funnelling revenue back to Pyongyang.
The Fight Back: Western Agencies and Private Firms Strike Back
While the MSMT characterises North Korea’s cyber force as “a full-spectrum, national program operating at a sophistication approaching the cyber programs of China and Russia,” the report also underscores the growing resilience of Western agencies and firms in combating this threat. Andrew Fierman, Head of National Security Intelligence at Chainalysis, emphasises the increasing ability of law enforcement, national security agencies, and the private sector to identify associated risks and fight back effectively.
Examples of this growing resistance include the U.S. Office of Foreign Assets Control (OFAC) sanctioning a fraudulent IT worker network linked to the DPRK. These actors were designated for their involvement in schemes that funnelled DPRK IT worker-derived revenue to support DPRK weapons of mass destruction and ballistic missile programs. This coordinated effort showcases the power of international collaboration in disrupting North Korea’s illicit activities.
Recovering Stolen Funds
The recovery of tens of millions of dollars’ worth of cryptocurrency from the Bybit hack demonstrates the increasing effectiveness of tracking and seizing stolen funds. Reports indicated that a portion of the funds had been traced to a Greek crypto-exchange. Beyond law enforcement efforts, the private sector is stepping up its game. Crypto exchanges like Kraken and Binance have implemented enhanced security measures to identify and prevent North Korean operatives from infiltrating their platforms.
In May of this year, Kraken’s efforts exposed a network of North Korean IT workers attempting to use its platform. Binance’s chief security officer reported that, on a daily basis, the exchange discards resumes from North Korean attackers looking to get hired at the firm. These proactive measures are crucial in preventing further exploitation of the crypto ecosystem.
Crypto’s Role in North Korea’s Weapons Program
The nexus between North Korea’s crypto crime and its weapons program is a critical point of concern. As the MSMT report makes clear, the funds generated by the DPRK’s activities are generally siphoned to its weapons program, facilitating the procurement of everything from armoured vehicles to portable air-defense missile systems.
Furthermore, the DPRK’s cyber espionage operations target critical industries, including semiconductors, uranium processing, and missile technology, creating a dangerous feedback loop between its financial crimes and military capabilities. This highlights the urgency of disrupting North Korea’s illicit crypto activities to prevent further advancements in its weapons program. Given the country’s increasing isolation, cryptocurrency offers it a lifeline, making it even more vital that the industry steps up efforts to stop the theft and laundering of funds.
Recommendations and the Road Ahead
To effectively combat North Korea’s evolving crypto crime tactics, increased collaboration between public and private entities is essential. Data-sharing initiatives, government advisories, real-time security solutions, advanced tracing tools, and targeted training can empower stakeholders to quickly identify and neutralise malicious actors while building the resilience needed to safeguard crypto assets.
- Comprehensive blockchain monitoring is paramount to track the flow of illicit funds.
- Enhanced due diligence for IT contractor hiring is crucial to prevent North Korean operatives from infiltrating organisations.
- The deployment of advanced threat detection systems can help identify and neutralise malicious activity.
- Regular security audits are necessary to assess and mitigate vulnerabilities.
- Clear protocols for large transactions can help detect and prevent money laundering.
By implementing these measures, affected parties will be better equipped to identify and freeze stolen funds before they can be laundered, while also mapping North Korea’s financial networks. The battle against North Korea’s crypto crime is far from over. However, with increased vigilance, collaboration, and innovation, the crypto community can effectively defend itself and safeguard the integrity of the digital economy.





