North Korea's nuclear program is funded by stolen cryptocurrency. Could it collapse now that FTX has?

Since the world’s second-largest crypto exchange, FTX, declared bankruptcy^[1] earlier this month, the flow-on effects^[2] have been felt far and wide^[3].

But among the many victims are also some not-so-innocent parties. For the Democratic People’s Republic of Korea, a country facing heavy sanctions, cryptocurrency theft has been a (relatively) simple way^[4] to fund the country’s expanding nuclear arsenal.

It’s well documented^[5] that Kim Jong-un’s military operation hackers have been stealing cryptocurrency^[6] to support North Korea’s nuclear and missile program^[7] for several years.

But with the general downturn in the crypto market, coupled with the recent FTX collapse and myriad other pitfalls^[8], analysts estimate North Korea has probably lost most of its crypto haul^[9].

Can we expect its nuclear weapons development to come to a halt, or slow down? It seems unlikely.

What North Korea’s hackers have been up to

North Korea sponsors several hacker groups, including Lazarus Group^[10] (also called Guardian of Peace and Whois Team) and Advanced Persistent Threat 38 (APT38^[11]).

While nobody knows exactly how many North Korea-backed hackers there are, experts have estimated^[12] Kim Jong-un has between 6,000 and 7,000^[13] working both inside and outside the country.

North Korea has invested in its national cybercrime arsenal for some 15 years^[14]. It’s almost impossible for an organisation to defend itself against an army of this size and calibre once it comes charging.

In 2016, Lazarus hackers came close to stealing US$1 billion^[15] from Bangladesh’s national bank – but a typo in the computer code meant they only got away with US$81 million.

Since then, they’ve refined their methods. Lazarus has been accused of stealing US$571 million^[16] from cryptocurrency exchanges between January 2017 and September 2018, US$316 million^[17] from 2019 to November 2020, and US$840 million in the first five months^[18] of 2022.

According to Chainalysis, North Korean hackers have stolen an estimated^[19] total of about US$1 billion in cryptocurrency this year. A large chunk of this would have come from Lazarus’ massively lucrative heist against NFT-based online game Axie Infinity. In April, US authorities held the group responsible for stealing US$620 million^[20] in cryptocurrency from the game.

For context, it’s estimated^[21] North Korea only earned about US$142 million from trade exports in 2020.

Okay, so how much has it now lost?

It’s difficult to say exactly how much cryptocurrency has been stolen (and used) by North Korean hackers – and therefore how much might remain.

In June, blockchain analyst and former FBI analyst Nick Carlsen told Reuters^[22] one of North Korea’s crypto caches had lost 80% to 85% of its value in a number of weeks, falling to less than US$10 million.

Losses will have intensified following the FTX collapse. According to a Chainalysis report^[23], in January North Korea held about US$170 million in stolen unlaundered cryptocurrency, taken from 49 hacks conducted from 2017 to 2021. It also claims Ether was the most common cryptocurrency stolen by North Korea in 2021, making up 58% of the total theft.

Ether’s value^[24] fell by more than 20% following the FTX crash, and remains low. It’s reasonable to expect North Korea will wait before cashing out. When it does, experts looking on will be in a better place to figure out how much it has.

References

1. ^{^} declared bankruptcy (www.theguardian.com)
2. ^{^} flow-on effects (www.theguardian.com)
3. ^{^} far and wide (www.nature.com)
4. ^{^} simple way (www.nytimes.com)
5. ^{^} documented (www.reuters.com)
6. ^{^} stealing cryptocurrency (www.reuters.com)
7. ^{^} nuclear and missile program (thediplomat.com)
8. ^{^} other pitfalls (www.forbes.com)
9. ^{^} crypto haul (www.zawya.com)
10. ^{^} Lazarus Group (www.makeuseof.com)
11. ^{^} APT38 (cybersophia.net)
12. ^{^} have estimated (www.cnet.com)
13. ^{^} 6,000 and 7,000 (www.bloomberg.com)
14. ^{^} for some 15 years (www.washingtonpost.com)
15. ^{^} stealing US$1 billion (www.bbc.com)
16. ^{^} US$571 million (undocs.org)
17. ^{^} US$316 million (www.securitycouncilreport.org)
18. ^{^} the first five months (blog.chainalysis.com)
19. ^{^} stolen an estimated (blog.chainalysis.com)
20. ^{^} US$620 million (www.nytimes.com)
21. ^{^} estimated (oec.world)
22. ^{^} told Reuters (www.reuters.com)
23. ^{^} Chainalysis report (blog.chainalysis.com)
24. ^{^} Ether’s value (www.google.com)
25. ^{^} have been warning (www.ft.com)
26. ^{^} told state media (www.aljazeera.com)
27. ^{^} Cryptocurrency has an impact on economies. That's why some are afraid of it – and some welcome it (theconversation.com)
28. ^{^} has (www.sedaily.com)
29. ^{^} had (namu.wiki)
30. ^{^} financial support (www.sisaweek.com)
31. ^{^} pleaded guilty (www.bbc.com)
32. ^{^} in vetoing (www.aljazeera.com)
33. ^{^} trade with it (thediplomat.com)
34. ^{^} It's time to take Kim Jong Un and his nuclear threats seriously (theconversation.com)