North Korea’s increasing use of crypto heists to fund nukes worries US

North Korea is increasingly using its crypto heists to fund its nuclear weapons program, worried U.S. officials say.

“I’m very concerned about North Korea’s cyber capabilities,” Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technology, said recently during an event hosted by the Center for a New American Security (CNAS). “They use cyber to gain, we estimate, up to a third of [stolen crypto] funds to fund their missile program.”

“That’s a major issue, whether it’s attacks against cryptocurrency exchanges or use of information technology workers in various countries,” Neuberger said. 

She added that North Korea’s expansion of its missile testing is a top priority for the U.S., which is taking multiple steps to counter Pyongyang’s cyber threats, including imposing sanctions against criminal groups and seizing stolen digital assets. 

This week, the Treasury Department imposed sanctions on cryptocurrency mixer Tornado Cash for allegedly helping hackers launder more than $7 billion worth of virtual currency.

The department said Tornado Cash allowed cyber groups, including North Korean-backed hackers, to use its platform to launder the proceeds of cybercrimes. 

A United Nations report this year found that between 2020 and 2021, North Korean-backed hackers stole more than $50 million in digital assets to fund the country’s missile program, the BBC reported. The U.N. report also revealed that the attacks targeted at least three cryptocurrency exchanges in North America, Europe and Asia.

U.N. investigators said at the time that the attacks are an “important revenue source” for North Korea’s nuclear and ballistic missile program.

In 2019, the U.N. submitted a similar report, this time saying that North Korea had raised about $2 billion to fund its weapons of mass destruction programs using sophisticated cyberattacks that targeted banks and cryptocurrency exchanges. 

In April, the FBI said that North Korean-sponsored hackers known as the Lazarus Group, which had been previously sanctioned by the Treasury Department for targeting critical infrastructure, were responsible for stealing about $620 million in cryptocurrency from the virtual game Axie Infinity. 

North Korea began aggressively targeting the financial sector, specifically digital currency, following the rise of bitcoin in the mid-2010s and the expansion of U.S. and U.N. sanctions against Pyongyang, said Jason Bartlett, a research associate for the energy, economics and security program at CNAS.

“Right now, when we’re thinking about North Korea and cyber, there is this big focus on the global financial services, mainly because North Korea needs money compared to other U.S. cyber adversaries like Iran, China and Russia,” he said.  

Bartlett added that North Korea also likely turned to crypto because it wasn’t well regulated and understood at the time, making it easier for the East Asian country to exploit it for its own gains.

Although North Korea has shifted most of its cyberattack focus to the financial industry to generate income, it still uses hacks to target government institutions, especially ones in South Korea.

“There have been instances of them also having politically motivated cyberattacks, but the majority of them are more financial-based,” Bartlett said. 

Jenny Jun, a political science Ph.D. student at Columbia University, said that North Korea has used its cyber capabilities to conduct political and economic espionage, coerce and intimidate individuals it perceives as a threat to its government and for the “survival and continuation of the Kim family rule.” 

“Even before the [emergence] of cybercrime, North Korea maintained an extensive illicit network to generate foreign cash, which was controlled by the Kim family to placate a small circle of elites, engage in repression and also pursue expensive weapons programs such as missile and nuclear programs,” Jun said. 

President Biden has faced criticism for not taking a more aggressive approach to North Korea following the test launch of several ballistic missiles earlier this year. 

Biden, who has called for new diplomatic talks between the two nations, has so far not been able to bring North Korea to the table. 

Secretary of State Antony Blinken has said that North Korea’s latest missile tests were “profoundly destabilizing,” and that the administration is closely working with its allies, including South Korea and Japan, on a response.

While there’s been little diplomatic engagement, the Biden administration has been actively countering North Korea in cyberspace, Neuberger said at the CNAS event. 

Last month, the Department of Justice (DOJ) and the FBI announced the recovery of more than half a million dollars in ransom payments after it disrupted ransomware operations of a North Korean state-sponsored group that targeted U.S. medical facilities. 

Deputy Attorney General Lisa Monaco said that the stolen funds were laundered through cryptocurrency. 

In 2020, the DOJ filed a motion to seize 280 cryptocurrency accounts for allegedly facilitating the laundering of millions of dollars during two North Korean hacking incidents. 

“We’re doubling down and planning to do much more work to make it riskier, costlier and harder for North Korea to gain funds that way,” Neuberger said.