According to security research firm FireEye, Kim Jong Un’s DPRK (aka N Korea) is focusing on Bitcoin (BTC) as a source of foreign funds. That he seeks to do this is a direct consequence of US-inspired, and UN-mandated sanctions. As so often the laws of unintended consequences may yet apply. In this case, not only BTC (Bitcoins) may lose their lustre but all non-state actor cryptocurrencies may lose theirs.

As FireEye’s teport describes it: “Now, we may be witnessing a second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime. Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds. The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”

Why should the DPRK target cryptocurrencies?

The United States has initiated a strategy of increased economic sanctions against the DPRK. Ever tightening sanctions, especially surround foreign exchange and the DPRK’s ability to pay for what it wants, are an obvious justification for driving interest in cryptocurrency. After all, BTC (and others) possess loose regulation (if any at all), least of all by the US or its allies.

Better still, with BTC brute force can win. As pointed out in ET, a shrinking number of miners dominate the processing of transactions onto the blockchain. There is no obvious reason why any state actor with deep resources, and lots of electricity, cannot decide to ‘take over’ and become a dominant player. Indeed, it might be easiest to ‘buy off in secret’ the largest 3-4 Chinese miners (though the offer of infinite free holidays in Pyongyang would likely be an unattractive inducement).

As FireEye puts it: “While bitcoin and cryptocurrency exchanges may seem like odd targets for nation state actors interested in funding state coffers, some of the other illicit endeavors North Korea pursues further demonstrate interest in conducting financial crime on the regime’s behalf. North Korea’s Office 39 is involved in activities such as gold smuggling, counterfeiting foreign currency, and even operating restaurants. Besides a focus on the global banking system and cryptocurrency exchanges, a recent report by a South Korean institute noted involvement by North Korean actors in targeting ATMs with malware, likely actors at the very least supporting similar ends.

If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi. As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”

Is there evidence that the DPRK acts?

The DPRK, according to FireEye, has initiated the following against RoK (South Korea) targets since March of this year alone:

April: this saw the compromising of 4 wallets on Yapizon, a South Korean cryptocurrency exchange (FireEye qualifies this with: “It is worth noting that at least some of the tactics, techniques, and procedures were reportedly employed during this compromise were different than those we have observed in following intrusion attempts and as of yet there are no clear indications of North Korean involvement)

  • Early May: spearphishing against South Korean Exchange #1 begins
  • Late May: South Korean Exchange #2 compromised via spearphish
  • Early June – More suspected North Korean activity targeting unknown victims, believed to be cryptocurrency service providers in South Korea
  • Early July – South Korean Exchange #3 targeted via spear phishing to personal account.


Why does this matter

Satoshi’s original premise for Bitcoin was that it belonged outside fiat currencies. He (or she) presumed that the policy of innumerable miners would ensure independence from any dominant player. Yet this presumption requires that no single player take >50% control of the blockchain updates and BTC mining.

To most outsiders this is the weak spot of BTC and, therefore, of most cryptocurrencies. While the possibility of (say) the NSA or GCHQ entering the BTC mining business is small, few have considered the threat of determined rogue actors. With some 14M bitcoins already mined, these are worth some $56B if turned into US$ at $4K/BTC. ‘Extracted’ with an element of subtlety this could enable the DPRK (or another rogue state actor) to finance its activities for some time. After all, the DPRK’s estimated GDP is c US$12Bper annum.

Some may argue that the DPRK is not subtle, is desperate and the remoulding of the Bitcoin blockchain (which a >50% controller could do) would be too obvious. These assertions may be true. But they miss the point.

If the DPRK (or any other rogue actor) were to undermine the BTC blockchain’s credibiliity, this would remove the foundations from a $160B cryptocurrency marketplace. Ironically, those who might be happiest could be the conventional central banks. Might they step in with fiat-cryptocurrencies, ones which they controlled?

All in all, it is topsy-turvy in the crypto-currency world.

Previous articleEquinix acquires Itconic to expand European footprint
Next articleZF, UBS and IBM combine in Car eWallet
Charles Brett
Charles Brett is a business/technology analyst consultant. His specialist areas include enterprise software, blockchain and enterprise mobility tech (including metering). Specific industry sectors of interest and experience include finance (especially systems supporting wholesale finance), telecommunications and energy. Charles has spoken at multiple industry conferences, has written for numerous publications (including the London Times and the Financial Times). He was the General Chair of the bi-annual High Performance Systems Workshop, 2005. In addition he is an author and novelist. His Technology books include: Making the Most of Mobility Vol I (eBook, 2012); Explaining iTunes, iPhones and iPads for Windows Users (eBook, 2011); 5 Axes of Business Application Integration (2004). His published novels, in the Corruption Series, include: The HolyPhone Confessional Crisis, Corruption’s Price: A Spanish Deceit and Virginity Despoiled. The fourth in The Corruption Series - Resurrection - has is now available. Charles has a B.A. and M.A in Modern History from the University of Oxford. He has lived or worked in Italy, Abu Dhabi, South Africa, California and New York, Spain, Israel, Estonia and Cyprus.


Please enter your comment!
Please enter your name here