North Korea’s Cryptocurrency Heists: Binance Sanctions and Record-Breaking Thefts


In the latest development surrounding North Korea’s illicit cryptocurrency activities, the US Treasury’s Office of Foreign Assets Control (OFAC) has officially sanctioned Binance-hosted wallets with alleged ties to North Korea. The blacklisted wallets, tied to a North Korean citizen named Sang Man Kim, were found to have received over $2 million in cryptocurrencies. These funds were subsequently sent to North Korean entities, bolstering their malicious cyber activities.

North Korea uses increasingly sophisticated cyber techniques to gain access to digital networks involved in cyber finance, according to a confidential report by the United Nations. Independent sanctions monitors reported to the U.N. Security Council committee that these techniques have enabled the DPRK to steal information of potential value, including elements beneficial to its weapons programs.

The confidential U.N. report also highlighted a worrying statistic: North Korean cybercrime yielded cryptocurrencies worth more than $1 billion in 2022, marking it as a record-breaking year for the nation’s virtual asset theft. The dramatic rise in the USD value of cryptocurrency in recent months has likely influenced these figures.

The report noted that the main perpetrators of these cyber attacks were groups controlled by North Korea’s primary intelligence bureau, the Reconnaissance General Bureau. These groups, known as Kimsuky, Lazarus Group, and Andariel, targeted victims for revenue generation and to solicit information valuable to the North Korean weapons program.

In addition to these groups, another North Korean-linked group, H0lyGh0st, extorted ransoms from small- and medium-sized companies in various countries through a widespread, financially motivated ransomware campaign.

The crypto exchange Binance, though not directly controlling these wallets, has faced backlash in the past for allegedly facilitating the efforts of bad actors to bypass sanctions. In response, the exchange has since introduced strict policies aimed at purging North Korean actors from its platform. Despite this, the Treasury Department imposed sanctions against several cyber actors, including four entities and one person, for concealing illicit funds and engaging in malicious cyber activities supporting the North Korean regime.

In summary, the DPRK’s illicit cyber and IT operations contribute significantly to the funding of the regime’s unlawful weapons of mass destruction and ballistic missile programs. These activities further underline the critical need for stringent global cybersecurity measures and the vigilance of financial institutions and cryptocurrency exchanges worldwide.

