North Korea has earned hundreds of billions of yen in foreign currency through 'virtual currency theft,' with some pointing out that it is easier to attack a virtual currency exchange than rob a bank.



North Korea is facing severe economic sanctions from the international community as a countermeasure to its nuclear and missile development, and is trying to obtain foreign currency in various ways. For North Korea, "cryptocurrency theft" has become one of the important means of acquiring foreign currency, and overseas media outlet ABC News reported that virtual currency exchanges are easy targets.

North Korea was floundering under sanctions. Now it's making billions from stolen cryptocurrency - ABC News

https://www.abc.net.au/news/2023-11-18/how-north-korea-makes-a-fortune-stealing-crypto/103107824



In recent years, economic sanctions against North Korea have been significantly strengthened, making it difficult to obtain foreign currency through regular trade routes. In order to secure funds for nuclear and rocket development under these circumstances, North Korea is said to be turning its attention to acquiring foreign currency through crime.

One of these is "ship-to-ship transfer," in which cargo is exchanged at sea instead of being delivered at a port. According to ABC News, a North Korean cargo ship loaded with coal sets sail, turns off its satellite navigation system beacon and disappears from the map, and then transfers the coal to a foreign ship at sea. At the same time, an empty oil transport ship is said to leave port and load oil from a foreign ship at sea. It is speculated that Russia and China may be involved in these illegal ship-to-ship transfers to circumvent sanctions.

There have also been confirmed cases of North Koreans smuggling drugs, gold bullion, weapons, etc. through North Korean embassies in foreign countries, and working as remote workers at foreign IT companies by lying about their place of residence. However, ABC News points out that the most important means of acquiring foreign currency for North Korea in recent years is the theft of virtual currency.



In 2017, the ransomware "WannaCry," developed by a hacker group associated with North Korea, infected many Windows devices and demanded a ransom in exchange for decrypting encrypted files. The attack damaged foreign hospital networks, railway systems, and numerous businesses and government agencies, but a kill switch was discovered that stopped the ransomware from spreading, and that files could be decrypted even after the ransom was paid. The number of ransom payments remained at less than 500, as it was reported that there was no guarantee that the ransom would be paid.

In 2021, the US Department of Justice indicted three North Korean hackers for their involvement in the creation of WannaCry.

The United States indicts three North Korean hackers who have attempted to steal a total of nearly 140 billion yen - GIGAZINE



However, after the WannaCry incident, North Korea began to focus on virtual currency theft. A particularly hot topic was the incident in March 2022 in which virtual currency worth 75 billion yen at the exchange rate at the time was stolen from the Vietnam-based game company 'Sky Mavis.'

It is known that the Sky Mavis hack used a "fake employment offer" sent to employees via LinkedIn. After going through the recruitment process, employees received a PDF file containing detailed salary information, which was said to contain spyware. As a result, North Korean hackers compromised Sky Mavis' virtual currency private key and stole a large amount of virtual currency.

"Fake job offer" was used as a technique in the 75 billion yen hacking theft incident - GIGAZINE



ABC News points out that North Korea is targeting companies with large amounts of virtual currency and virtual currency exchanges, rather than ordinary people, as targets for cryptocurrency theft. Although most people use virtual currency exchanges like banks, virtual currency exchanges are poorly regulated and often lack security.

North Korean hackers are involved in about half of the virtual currency thefts that occurred in 2022, and the total damage is estimated to be $1.65 billion (approximately 250 billion yen). This amount was more than three times the amount of ransomware losses in 2022, and about twice as much foreign currency as North Korea earned through other means, ABC News reported.

ABC News said, "To put it bluntly, crypto theft was North Korea's main source of foreign currency income in 2022." "Crypto exchanges are still unregulated, and Kim Jong Un or someone else could use them to fund nuclear weapons. It is an insecure source of funds that can be extorted for profit."

in Security, Posted by log1h_ik