Despite claims that cryptocurrencies are a secure store of value, incidents of crypto theft keep cropping up. Earlier this year, in February, a Dubai-based cryptocurrency exchange, ByBit, lost $1.5bn to hackers traced to North Korea. Apparently, this is not the first such theft:
“In 2023 North Korean hackers made away with a total of $661m, according to Chainalysis, a crypto-investigations firm; they doubled the sum in 2024, racking up $1.34bn across 47 separate heists, an amount equivalent to more than 60% of the global total of stolen crypto. The ByBit operation indicates a growing degree of skill and ambition: in a single hack, North Korea swiped the equivalent of $1.5bn from the exchange, the largest-ever heist in the history of cryptocurrency.”
How did North Korea come to be home to the world’s most prolific crypto hackers?
“North Korea’s plunder is the payoff from a decades-long effort. The country’s first computer-science schools date back to at least the 1980s. The Gulf War helped the regime recognise the importance of networked technology for modern warfare. Talented maths students were put into special schools and given reprieves from mandatory annual countryside labour, says Thae Yong Ho, a senior North Korean diplomat who defected in 2016. Originally envisaged as a tool for espionage and sabotage, North Korea’s cyber-forces began to focus on cybercrime in the mid-2010s. Mr Kim is said to call cyberwarfare “an all-purpose sword”.
Stealing crypto involves two main phases. The first is breaching a target’s systems—the digital equivalent of finding an underground passageway to a bank’s vaults. Phishing emails can insert malicious code. North Korean operatives pose as recruiters and entice software developers to open infected files during fake job interviews. Another approach involves using fake identities to get hired at remote IT jobs with foreign companies, which can be a first step to accessing accounts. “They’ve become really good at finding vulnerabilities through social engineering,” says Andrew Fierman of Chainalysis. In the ByBit case, hackers compromised the computer of a developer working for a provider of digital wallet software.
Once stolen, the cryptocurrency has to be laundered. Dirty money is spread across multiple digital wallets, combined with clean funds and transferred between different cryptocurrencies, processes known in the industry as “mixing” and “chain hopping”. “They’re the most sophisticated crypto launderers we’ve ever come across,” says Tom Robinson of Elliptic, a blockchain-analytics firm.”
But how does a country as poor as North Korea, with restricted access to the internet and computers, produce such talent?
““North Korea can take the best minds and tell them what to do,” says Kim Seung-joo of the school of cybersecurity at Korea University in Seoul. “They don’t have to worry about them going to work at Samsung.” At the International Collegiate Programming Contest in 2019, a team from a North Korean university came eighth, beating those from Cambridge, Harvard, Oxford and Stanford.
Those talents are also exploited. North Korean hackers work around the clock. They are unusually brazen when they strike. Most state actors seek to avoid diplomatic blowback and “operate like they’re in Ocean’s 11: white gloves, get in without anyone noticing, steal the crown jewel, get out without being noticed,” says Jenny Jun of the Georgia Institute of Technology. North Korea does not “place a premium on secrecy—they’re not afraid to be loud.””
Note: The above material is neither investment research, nor financial advice. Marcellus does not seek payment for or business from this publication in any shape or form. The information provided is intended for educational purposes only. Marcellus Investment Managers is regulated by the Securities and Exchange Board of India (SEBI) and is also an FME (Non-Retail) with the International Financial Services Centres Authority (IFSCA) as a provider of Portfolio Management Services. Additionally, Marcellus is also registered with US Securities and Exchange Commission (“US SEC”) as an Investment Advisor.