North Korea’s Cyber Onslaught on Cryptocurrency: A $3 Billion Digital Heist

In recent years, North Korea has notably intensified its cyber operations, particularly targeting the cryptocurrency industry. This strategic shift emerged around 2017 when the country’s cybercriminal activities, previously focused on traditional financial institutions, pivoted towards the burgeoning field of digital currencies. The impetus for this change was likely due to the increased scrutiny and enhanced cybersecurity measures adopted by banks and financial institutions following a series of high-profile heists, including the infamous Bangladesh Bank robbery, according to Recorded Future.

Cryptocurrency, being a relatively new and less regulated industry, presented a lucrative and vulnerable target. North Korean operatives, leveraging their state-supported cyber capabilities, have since been implicated in a series of sophisticated attacks on various cryptocurrency exchanges and platforms globally. By 2022, their efforts culminated in the theft of an estimated $1.7 billion worth of cryptocurrency. This figure is staggering, not only in its sheer size but also in its economic significance to North Korea. It represents a substantial portion of the nation’s GDP and a significant chunk of its military budget, highlighting the strategic importance of these cyber heists to the regime.

The tactics employed by North Korean cyber actors mirror those used by traditional cybercriminals, including phishing, exploitation of software vulnerabilities, and the deployment of advanced malware. However, the scale and sophistication of their operations are markedly enhanced by the support and resources of a nation-state. This state backing allows them to execute more ambitious and coordinated attacks than typical cybercriminal groups.

In addition to stealing cryptocurrencies, North Korea has developed an intricate network for laundering these digital assets. The process often involves the use of cryptocurrency mixers and tumblers, services that obscure the origin of funds by mixing them with other transactions. This method complicates the task of tracing the stolen funds back to their illicit source. North Korean operatives have also been known to use stolen identities and fabricated documents to set up accounts on legitimate exchanges, further obfuscating their trail.

This pattern of cybercrime has significant implications not only for the cryptocurrency industry but also for the broader global financial system. The success of North Korea’s operations demonstrates the vulnerabilities that still exist in the digital financial world. It underscores the need for stronger regulatory frameworks and more robust cybersecurity measures across the industry.

Moreover, the use of stolen cryptocurrency to fund North Korea’s military ambitions, particularly its ballistic missile program, raises concerns at an international level. The regime’s ability to circumvent economic sanctions through cyber theft highlights the challenges faced by the global community in curbing North Korea’s military developments.

In response to this growing threat, experts suggest several mitigative strategies. Strengthening cybersecurity infrastructure, employing multi-factor authentication, training employees to recognize and respond to phishing attempts, and using hardware wallets for cryptocurrency storage are some recommended measures. Vigilance and caution in verifying the legitimacy of transactions and the sources of funds are also crucial in combating these sophisticated cyber operations.

As North Korea continues to refine its cyber capabilities and strategies, the need for a concerted and proactive response from the cryptocurrency industry and international regulatory bodies becomes increasingly urgent. The ongoing evolution of these cyber threats necessitates constant vigilance and adaptation to ensure the security and integrity of the global financial system.

Image source: Shutterstock


Tagged : / / / / / / /

Court Upholds OFAC’s Designation of Tornado Cash Under IEEPA

The United States District Court for the Northern District of Florida issued a decision concerning the designation of Tornado Cash by the Office of Foreign Assets Control (OFAC). The case, identified as Case 3:22-cv-20375-TKW-ZCB, revolved around the designation of Tornado Cash under the International Emergency Economic Powers Act (IEEPA). The IEEPA authorizes the president to declare national emergencies to handle unusual foreign threats to the United States’ national security, foreign policy, or economy. Utilizing this authority, the president had declared national emergencies concerning malicious foreign cyber-enabled activities and North Korea’s nuclear missile program.

Tornado Cash, a service utilizing smart contracts on the Ethereum blockchain to provide a degree of anonymity to transactions, was designated by OFAC on August 8, 2022, and later re-designated on November 8, 2022. This designation was challenged by the plaintiffs, who are users and a non-profit cryptocurrency advocacy organization. They argued that the designation of Tornado Cash’s core software tool exceeded OFAC’s statutory authority since it is mere computer code and no foreign entity has a legally recognized “property interest.” The designation listed 91 internet addresses affiliated with Tornado Cash, aiming to block and prohibit transactions through these addresses.

The Court’s decision upheld OFAC’s designation. It rejected the plaintiffs’ argument, stating that the operative language in the IEEPA is “any interest,” not “property interest” or “ownership interest.” According to the Court, Tornado Cash’s founders, developers, and Decentralized Autonomous Organization (DAO) have an indirect beneficial “interest” through the service’s usage, which increases the value of Tornado Cash’s governance token, TORN. The Court explained that an increased usage of Tornado Cash enhances the value of TORN, held by these entities, and thus establishes a financial “interest” for the purposes of the IEEPA.

Furthermore, the Court found that OFAC’s decision was not arbitrary or capricious and was adequately justified based on the foreign-affairs rationale, particularly given Tornado Cash’s involvement in laundering cryptocurrency for the benefit of the North Korean government. The Court also dismissed the plaintiffs’ First Amendment claims, stating the designation didn’t implicate Plaintiffs’ First Amendment rights as there are other privacy tools available for them.

In conclusion, the Court denied the plaintiffs’ motion for summary judgment and granted the defendants’ cross-motion for summary judgment, thereby upholding OFAC’s designation of Tornado Cash under the IEEPA. This judgment underscores the legal challenges faced by privacy-centric blockchain services in light of national security and foreign policy concerns.

Image source: Shutterstock


Tagged : / / / / / / / / / / /

FBI Monitors North Korea’s Lazarus Group in Major Cryptocurrency Heist

The Federal Bureau of Investigation (FBI) has recently alerted cryptocurrency firms about blockchain activities linked to the theft of a significant amount of cryptocurrency. Within the past day, the FBI has monitored cryptocurrency pilfered by actors affiliated with the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea. These actors, known as the TraderTraitor group, are also recognized as the Lazarus Group and APT38. The agency suspects that North Korea might try to liquidate the bitcoin, which is valued at over $40 million.

Through its investigation, the FBI determined that the TraderTraitor-affiliated entities transferred around 1,580 bitcoin from multiple cryptocurrency thefts. They are presently holding these funds in specific bitcoin addresses, some of which include: 

– 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG

– 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu

– 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk

These DPRK TraderTraitor-affiliated actors have been implicated in several notable international cryptocurrency thefts. This includes the theft of $60 million in virtual currency from Alphapo on June 22, 2023, a $37 million heist from CoinsPaid on the same date, and a staggering $100 million theft from Atomic Wallet on June 2, 2023. The FBI had previously shared details about their attacks on Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge and had issued a Cybersecurity Advisory on TraderTraitor.

The FBI advises private sector companies to scrutinize the blockchain data related to these addresses. They should remain cautious about transactions directly associated with, or originating from, these addresses. The FBI remains committed to unveiling and countering the DPRK’s engagement in illicit activities, such as cybercrime and virtual currency theft, as means to generate revenue. For those with relevant information, the FBI encourages reaching out to their local FBI field office or visiting the FBI’s Internet Crime Complaint Center at “”.

Recent Hack events related to DPRK

North Korea’s Notorious Lazarus Group: The crypto community has been on high alert due to a series of incidents that have been linked to North Korea’s notorious Lazarus Group. MistTrack, a leading crypto tracking platform, unveiled potential connections between the incidents involving CoinsPaid, AtomicWallet, and Alphapo on July 26, 2023. The Lazarus Group, also known as Hidden Cobra, is a cybercrime group believed to be based in North Korea. They have been implicated in several high-profile attacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware attack.

JumpCloud’s System Breach: On July 20, 2023, JumpCloud, an American IT management company, confirmed a system breach by a North Korean government-backed hacking group. This marked a strategic shift in their operations, targeting companies that can provide access to multiple sources of digital currencies. The breach was attributed to “Labyrinth Chollima,” a notorious squad of North Korean hackers with a history of targeting cryptocurrency entities.

Atomic Wallet Heist: North Korean cybercriminals were suspected in a cryptocurrency heist involving Atomic Wallet, where a substantial $35 million was stolen. This incident saw victims appealing directly to the thieves on Twitter, hoping for some semblance of mercy. The US administration has been aware of the potential national security implications of these cybercrimes, with nearly half of North Korea’s missile program funding traced back to these activities.

Euler Finance DeFi Hack: The DeFi world witnessed a significant breach when Euler Finance became the victim of the biggest DeFi hack of 2023, with $197 million in funds stolen. Blockchain investigator Chainalysis identified that some of the stolen funds were transferred to an address linked to North Korea. This incident raised questions about the security of DeFi platforms, highlighting the need for stronger security measures.

Image source: Shutterstock


Tagged : / / / /

Breaking: CoinsPaid, AtomicWallet, and Alphapo Incidents All Connected to North Korea’s Lazarus Group

MistTrack, a renowned crypto tracking and compliance platform, has unveiled potential connections between a series of incidents that have stirred the crypto community. These incidents involve CoinsPaid, AtomicWallet, and Alphapo, three major players in the crypto sphere.

On July 26, 2023, MistTrack hinted at the possibility of the notorious Lazarus Group being behind these incidents. The Lazarus Group, also known as Hidden Cobra, is a cybercrime group believed to be based in North Korea. Known for their cyber espionage and cyber warfare tactics, they have been implicated in a number of high-profile attacks, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware attack.

The first incident involves Alphapo, a prominent payment processor for various gambling services. On July 23, 2023, Alphapo reported that their hot wallets had been compromised, resulting in the loss of over $23 million in cryptocurrencies, including Ethereum (ETH), TRON (TRX), and Bitcoin (BTC). However, recent updates suggest that the total amount stolen is far greater than initially reported, amounting to $60 million.

The second incident involves Atomic Wallet, a noncustodial decentralized wallet, which reported losses of over $100 million due to a security breach. The losses from the Atomic Wallet heist have now skyrocketed to over $100 million, according to an analysis conducted by Elliptic. This alarming figure highlights the severity of the attack, which compromised an estimated 5,500 crypto wallets.

MistTrack’s investigation revealed that the address TNMW5iEH7CCudMTGFJA9Ch6KSf6J3hAJem received funds from TJXXmeUbie3JBfK7H3UQb43sWnbhhdTJQx, an address allegedly used by the Atomic Wallet hackers. This information was shared in response to a tweet by ZachXBT, who suggested that the Atomic Wallet hack might have been executed by the Lazarus Group. ZachXBT noted, “seeing lots of similarities in the laundering patterns to Ronin + Harmony.”

These findings were further corroborated by @onchainsnoop, who was acknowledged by MistTrack for meticulously unearthing the compelling correlation between these three major incidents. MistTrack extended an invitation to anyone with additional information to direct message or share their findings.

The platform acknowledged the improbability of a full recovery of the stolen funds but emphasized that every clue could help piece together the puzzle and potentially aid in reclaiming a portion of the stolen funds.

Image source: Shutterstock


Tagged : / / / / / / /

DeFi Hack Linked to North Korea

The DeFi world was rocked when Euler Finance fell victim to the biggest DeFi hack of 2023, with $197 million in funds stolen. Since then, the crypto community has been closely following the on-chain movements of the stolen funds, hoping to track down the attacker. Blockchain investigator Chainalysis recently identified that 100 ETH from the stolen funds was transferred to an address linked to North Korea.

The hacker responsible for the Euler Finance hack also transferred 3,000 ETH to Euler’s deployer account without disclosing their intent. However, no other transfers have been made at the time of writing, leaving many in the crypto community speculating whether the hacker was trolling or if they genuinely considered accepting Euler Finance’s bounty reward of $20 million.

While Chainalysis has linked the stolen funds to North Korea, it has also highlighted the possibility of misdirection by other hackers. It is unclear whether North Korea is actually involved in the hack or if the hacker was simply using the address to throw investigators off their trail.

The Euler Finance hack has raised questions about the security of DeFi platforms, as Euler Labs CEO Michael Bentley expressed disappointment in the hack, revealing that ten separate audits over two years had assured its security. The fact that the hacker was still able to access and steal the funds has highlighted the need for stronger security measures in DeFi platforms.

The use of DeFi platforms has skyrocketed in recent years, and the potential rewards have attracted many hackers seeking to exploit vulnerabilities in the system. This has led to an increase in DeFi hacks, with many experts calling for stronger security measures to protect investors’ funds. The Euler Finance hack serves as a reminder that even with multiple security audits, DeFi platforms are not immune to hacks, and investors should exercise caution when investing in these platforms.


Tagged : / / / / /

A British National Charged With Aiding North Korea in Violating US sanctions

A citizen of the United Kingdom who was wanted by the Department of Justice in the United States was apprehended by the Interpol office in Moscow (DoJ). The guy is suspected of participating in a plot to circumvent the restrictions imposed by the United States on North Korea.

Christopher Emms was taken into custody on February 21 in Moscow on the basis of a “red alert” issued by Interpol, as reported by the local media. The British national, who was 31 years old, was taken into custody at the hostel where he was sleeping.

In April 2022, it is believed that Emms, together with a citizen of Spain named Alejandro Cao De Benos, supplied North Korea with instructions on how it might utilize blockchain technology and cryptocurrencies to escape sanctions and wash dirty money. The 2019 Pyongyang Blockchain and Cryptocurrency Conference was both planned and coordinated by the two individuals.

Virgil Griffith, a person who once worked on the Ethereum project, is the third person involved in the plot. In November of 2019, he was taken into custody by the Federal Bureau of Investigation, and after entering a guilty plea, he was given a sentence of 63 months in jail. If found guilty on one count of conspiring to violate the International Emergency Economic Powers Act, Emms faces a possible maximum sentence of 20 years in jail.

Previously, Radha Stirling, the founder of Due Process International, which is a nongovernmental organization that helps defend human rights in the face of international enforcement agencies, stated that there was no strong evidence against Emms: “Precisely because he did nothing wrong; he provided no information to North Korea that doesn’t already appear on the first page of Google.”

After an eight-month travel restriction, Emms was finally free to leave Saudi Arabia in September 2022, after Saudi Arabia had rejected the American extradition request on the grounds that it had a legal foundation. He didn’t waste any time getting out of the country and went straight to Russia. However, despite the fact that the nation was the focus of the Department of Justice’s attempts to implement financial sanctions in the cryptocurrency industry, the local authorities made the decision to assist their American colleagues.


Tagged : / / / / / /

North Korea Stole Over $1 Billion in Crypto in 2022

According to an unclassified study from the United Nations, cybercriminals operating out of North Korea stole more digital assets in 2022 than in any previous year.

According to Reuters, the UN report was sent to a 15-person committee that is in charge of imposing sanctions on North Korea one week ago.

Following attacks on the computer networks of international aerospace and military corporations, it was discovered that hackers with ties to North Korea were responsible for between $630 million and more than $1 billion worth of crypto assets being stolen in 2017.

The United Nations research found that cyber assaults were more sophisticated than in previous years, making it more difficult than it has ever been to track down monies that have been stolen.

The independent sanctions monitors stated in their report to the United Nations Security Council Committee that “[North Korea] used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance and to steal information of potential value, including information related to its weapons programs.”

A report published on February 1 by the blockchain analytics company Chainalysis came to a similar conclusion last week. According to this report, North Korean hackers were responsible for the theft of at least $1.7 billion worth of cryptocurrency in 2022, making it the worst year ever for crypto hacking.

According to the company, the cybercriminal syndicates have been the most “productive bitcoin hackers over the last several years.”

According to Chainalysis, “For comparison, North Korea’s entire exports in 2020 comprised $142 million worth of products,” thus it isn’t a reach to argue that hacking cryptocurrencies is a major portion of the nation’s economy.

According to Chainalysis, at least $1.1 billion of the stolen wealth was acquired via hacks of decentralized finance protocols. This indicates that North Korea was one of the driving factors behind the trend of hacking decentralized financial protocols that accelerated in 2022.

The company also discovered that hackers with ties to North Korea often transfer huge quantities of money to mixers like Tornado Cash and Sinbad.

According to Chainalysis, the pace at which assets stolen by other persons or organizations are transferred to mixers is far lower than the rate at which funds stolen by hackers with ties to North Korea are transferred.

North Korea has frequently denied allegations that it is responsible for cyberattacks; however, the new UN report alleges that North Korea’s primary intelligence bureau, the Reconnaissance General Bureau, utilizes several groups such as Kimsuky, Lazarus Group, and Andariel specifically for the purpose of conducting cyberattacks.

According to the report published by the United Nations, “these actors continued to illicitly target victims in order to earn income and solicit information of value to the DPRK, particularly its weapons programmes.”

Last week, the entire report was presented to the North Korea sanctions committee of the 15-member council. According to recent reports, it is expected that the report will be made public either later this month or early in March.


Tagged : / / / / / /

Hackers Launder $27 Million in Stolen Ethereum From North Korean

The cash that were taken in June 2022 are still being laundered by the North Korean exploiters who were behind the assault on the Harmony Bridge. The criminals transferred another $27.18 million worth of Ethereum (ETH) over the weekend, as shown by on-chain data that was published on January 28 by blockchain detective ZachXBT.

ZachXBT said in a Twitter thread that the tokens had been moved to six other cryptocurrency exchanges, but he did not disclose which platforms had been the recipients of the tokens. Transactions were carried out from the three primary addresses.

ZachXBT claims that exchanges were informed about the cash movement, and that some of the stolen assets were blocked as a result. The exploiters’ activities to launder the money were strikingly similar to those taken on January 13, when over $60 million was laundered, the crypto detective saw. The exploiters were attempting to launder the money.

A few days after the Federal Bureau of Investigation (FBI) established that the Lazarus Group and APT38 were the perpetrators responsible for the $100 million breach, the cash were shifted shortly afterwards. The Federal Bureau of Investigation (FBI) issued a statement in which it mentioned that “through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million worth of virtual currency from Harmony’s Horizon bridge.”

Transfers between Harmony and the Ethereum network, the Binance Chain, and Bitcoin may be made easier with the use of the Harmony Bridge. On June 23, a large number of tokens with a combined value of around $100 million were taken from the network.

After the vulnerability was discovered, 85,700 Ether was sent via the Tornado Cash mixer and then deposited to a number of other addresses. On January 13, the cybercriminals began moving stolen cash worth around $60 million using a privacy protocol called RAILGUN that was based on Ethereum. MistTrack, a tool for monitoring cryptocurrencies, conducted an investigation and found that 350 addresses have been linked to the assault. These addresses were used across several exchanges in an effort to conceal their identities.

Lazarus is a well-known cyber group that has been linked to a number of significant breaches in the cryptocurrency sector, including the theft of $600 million from the Ronin Bridge cryptocurrency exchange in March of last year.


Tagged : / / / /

Virgil Griffith Sentenced to 5-Year Jail for Helping Individuals in North Korea Evade Sanctions

The strong hands of the law have been stretched to Virgil Griffith, an American national and one of the Ethereum core programmers, who is sentenced to 63 months in jail by U.S. District Judge P. Kevin Castel for allegedly helping individuals in the Democratic People’s Republic of Korea (North Korea) evade the US imposed sanctions.


The relations between North Korea and the United States remain intense as North Korea is reportedly still active with its nuclear program, which is still under sanctions by the United Nations. Based on this, the U.S. government enacted the International Emergency Economic Powers Act (IEEPA) to prevent U.S. entities from doing business or selling technologies that can aid North Korea’s threats.

Despite knowing this, the Department of Justice (DoJ) said in its announcement that Griffith and his co-conspirators have developed and managed technologies that can help North Korean individuals mine crypto and eventually evade sanctions. The DoJ revealed that against the approval of relevant authorities, Griffith not just travelled to North Korea by offering services directly to the country, but he also had sought to recruit other American citizens to do the same.

“There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit. Mr. Griffith admitted in court he took actions to evade sanctions, which are in place to prevent the DPRK from building a nuclear weapon. Justice has been served with the sentence handed down today,” said U.S. Attorney Damian Williams.

Griffith, 39, pled guilty to the charges levied against him, and following his sentence, he will be placed on 3 years of supervised release atop a $100,000 fine. The DoJ is known to be proactive when it comes to high-profile fraudulent cases featuring crypto-linked entities. One of the crackdowns launched by the DoJ in recent years involves former BitMEX co-founder and CEO, Arthur Hayes, who promptly resigned from the role following the criminal charges levied against him and other executives of the trading firm.

Image source: Shutterstock


Tagged : / / / / /

North Korea Allegedly Funding Missile Program With Stolen Crypto: Report

The United Nations (UN) says that North Korea is using cryptocurrency acquired in cyberattacks to help fund its illicit weapons program.

In a new report, Reuters says it has reviewed the confidential document submitted to the UN Security Council by independent sanctions monitors last Friday.

The document alleges that the rogue nation continues to violate international sanctions against weapons testing and launches dating back to 2006.

The monitors say,

“Although no nuclear tests or launches of ICBMs (intercontinental ballistic missiles) were reported, DPRK [Democratic People’s Republic of Korea] continued to develop its capability for production of nuclear fissile materials…

DPRK continued to seek material, technology and know-how for these programs overseas, including through cyber means and joint scientific research.”

The UN report cites cyberattacks as a source of funding for North Korea’s weapons program, including stealing over $50 million from several crypto exchanges from 2020 to 2021.

Chainalysis released an in-depth analysis of North Korea’s cybercrime methodology last month. The data firm says that North Korea utilized phishing, malware and code exploits to launch more than half a dozen cyberattacks that netted almost $400 million in 2021.

Chainalysis highlights the sophisticated nature of North Korea’s money laundering infrastructure, saying,

“DPRK is a systematic money launderer, and their use of multiple mixers – software tools that pool and scramble cryptocurrencies from thousands of addresses – is a calculated attempt to obscure the origins of their ill-gotten cryptocurrencies while off ramping into fiat…

Chainalysis has identified $170 million in current balances… that are controlled by North Korea but have yet to be laundered through services…

DPRK has massive unlaundered balances as much as six years old.”

Check Price Action

Don’t Miss a Beat – Subscribe to get crypto email alerts delivered directly to your inbox

Follow us on Twitter, Facebook and Telegram

Surf The Daily Hodl Mix



Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/iurii/Sensvector


Tagged : / / / / / / / / /
Bitcoin (BTC) $ 43,507.66 3.91%
Ethereum (ETH) $ 2,256.65 1.10%
Litecoin (LTC) $ 72.74 0.80%
Bitcoin Cash (BCH) $ 249.53 0.57%