Hacking for Hard Currency: How North Korea Uses Cryptocurrency to Evade Sanctions

North Korea, a nation shrouded in secrecy and isolation, has found a novel way to circumvent international sanctions and generate revenue: cryptocurrency. In the shadows of the digital world, North Korean hackers are orchestrating a series of cyberattacks, targeting cryptocurrency platforms and exchanges to steal digital assets. This stolen crypto is then converted into cash, providing the regime with much-needed funds to finance its activities.

North Korea’s State-Sponsored Hacking Infrastructure

North Korea’s cyber capabilities are orchestrated primarily through entities like the Lazarus Group, a notorious hacking collective believed to operate under the direction of the North Korean regime. The Lazarus Group has been implicated in a string of high-profile cyberattacks, including the 2014 Sony Pictures hack and the global WannaCry ransomware attack in 2017. These operations underscore the sophistication and audacity of North Korea’s state-sponsored hacking infrastructure.

Cryptocurrency as a Strategic Tool

As international sanctions have cut into North Korea’s ability to import and export goods, the regime has run a continuous series of schemes to gain access to foreign currency. None of them, it has discovered, compares to stealing cryptocurrency: as of last year, stealing cryptocurrency was North Korea’s primary form of foreign currency income. UN sanctions monitors are currently investigating dozens of suspected cyber-attacks by North Korea that raked in $3bn to help it further develop its nuclear weapons programme, according to excerpts of an unpublished UN report reviewed by the Reuters news agency. Recently, U.S. Senator Elizabeth Warren and a further 19 senators sponsored a bill in Congress that would crack down on crypto, highlighting its use in virtually all ransomware attacks.

Challenges in Defeating North Korea’s Cyber Threats

Defeating North Korea’s state-sponsored hacking and cryptocurrency activities presents a myriad of technical and geopolitical challenges. It is nearly impossible to identify the culprit with 100% accuracy, as North Korea’s clandestine tactics and use of proxy servers further confuse attempts to definitively attribute cyber incidents.

The transnational nature of cybercrime complicates efforts to combat North Korea’s cyber threats. Cybercriminal activities transcend borders, requiring robust international cooperation and coordination to investigate, prosecute, and deter malicious actors effectively. However, diplomatic tensions and geopolitical rivalries can impede collaborative efforts, limiting the efficacy of international responses to North Korea’s cyber aggression.

The rapid evolution of cyber techniques and technologies poses ongoing challenges for defenders. North Korean hackers demonstrate a remarkable ability to innovate and adapt their tactics, exploiting vulnerabilities in software, leveraging social engineering techniques, and employing sophisticated malware to achieve their objectives. This dynamic landscape demands continual vigilance and adaptation on the part of cybersecurity professionals and policymakers alike.


North Korea’s state-sponsored hacking and cryptocurrency activities represent a formidable challenge to global cybersecurity and financial stability. The regime’s adeptness in leveraging cyberspace for geopolitical ends underscores the need for enhanced international cooperation, technological innovation, and diplomatic engagement to mitigate and deter cyber threats effectively. While the task of defeating North Korea’s cyber capabilities may seem daunting, it is imperative that the international community remains vigilant and proactive in confronting these evolving challenges.