Skip to content

North Korea Crypto Hackers Have A Safe Haven in Mother Russia

As relations between the Russia and North Korean governments continue to cosy up, a Chainalysis investigation has found that since 2021, Russian crypto exchanges have been laundering stolen crypto used to fund the DPRK nuclear arms program.

“Democratic People’s Republic of Korea (DPRK)-linked hacking groups are increasing their use of Russia-based exchanges known to launder illicit crypto assets.”

A Chainalysis investigation revealed on Thursday that $21.9 million of the funds stolen by state-sponsored North Korean hackers, the Lazarus Group, from the Harmony Protocol in 2022 were laundered by Russian crypto exchanges. Furthermore, hacked funds from previous attacks, which Kim Jong Un's government uses to bankroll the nation's nuclear arms program, have been circulating between the two countries since 2021.

Released during the recent summit between the North Korean leader and Vladimir Putin, the report has added to the fears of the international community, already on edge about a possible military agreement being sealed during Kim's current visit.

Hackers of the Democratic People’s Republic of Korea (DPRK) seem to have been busy writing the ultimate cybercrime playbook.

After stealing a record of $1.7 billion in cryptocurrency in 2022 (more than the country's $1.59 billion trade volume of the same period), the U.S. Federal Bureau of Investigation (FBI) issued a warning about the novel ways they are infiltrating companies and waiting for months before launching an insider attack. This year, their attacks have reportedly been ten times larger than those of other actors.

North Korean state-funded hackers have been around since the 1980s, and their purpose has always been to enhance the country’s military apparatus, most recently meaning the nuclear arms program.

As Nick Carlsen, intelligence analyst at blockchain analytics firm TRM Labs, explained to CNBC, “Even if that dollar stolen in crypto doesn’t directly go towards the purchase of some component for the nuclear program, it frees up another dollar to support the regime and its programs.”

This is because, over the years, the country’s economy (which has been severely impacted since U.N. sanctions were imposed in 2006) has been transformed to focus on one single axis - the war industry.

Moscow, isolated from the West since the conflict with Ukraine, has been building bridges with unconventional allies who can give it an advantage in its “existential battle” against the West. This would seem to fit perfectly with North Korea, given its ready-to-export arsenal.

Despite there being no official connection between the Kremlin and the cybercrime underground of Russia, the government has a track record of non-cooperation with foreign security agencies when it comes to arresting hackers, as well as a laissez-faire stance on controlling the money laundering crypto-exchanges proliferating right 'above' its nose.

With Kim Jong Un visiting fighter jet and naval plants around Russia, Putin seems keen on making him feel like an esteemed international partner. Moscow then, looks to remain a safe haven for illegal funds to be laundered before powering up Pyongyang's nuclear arms program.