Why it’s so hard to stop North Korea’s crypto hackers

“Donate my organs,” says a voice note sent by a 23-year-old British man, Stefano Reale, who committed suicide after losing all of the money he had invested in Bitcoin. In that world of dramatic ups and downs, young people are the most vulnerable.

Under proper regulation, cryptocurrencies are beneficial and viewed by many as a path to a more equitable financial system. If stolen, the funds are relatively easy to track. Law enforcement authorities are able to identify the hacker by establishing the link between a wallet and the perpetrator.

Moreover, US intelligence analysts have discovered that it is easier “to trace illicit activity using Bitcoin than it is to trace cross-border illegal activity using traditional banking transactions.”

Now what if the authorities have to deal not with a bunch of criminals but with nothing less than a cryptocurrency superpower?

Bad reputation as hacking titan

In June, a group of hackers believed to be linked to the North Korean regime drained a number of accounts at the Atomic Wallet cryptocurrency service. The criminals stole at least US$35 million, and around 1% of the service’s monthly users were affected by the attack.

Some victims took their rage to Twitter. “Damn, all the hard-working money disappeared in an instant,” moaned one of the Atomic Wallet customers.

Experts from Elliptic, a UK provider of blockchain analytics, identified the cybercriminals as the Lazarus Group. Blamed for multiple cyberattacks from 2010 to the present day, the group was labeled by the US Federal Bureau of Investigation (FBI) as a “state-sponsored hacking organization.”

The long list of Lazarus Group crimes includes attacks on Sony Pictures and several pharmaceutical companies. The organization is particularly known for the WannaCry ransomware, in which the hackers targeted computers all over the world to demand ransom payments in Bitcoin.

According to Chainalysis, an American blockchain analysis firm, the group has stolen more than $1.75 billion worth of cryptocurrency in the time it has been active.

For North Korea’s authorities, cryptocurrencies have turned out to be an efficient way to evade economic sanctions. However, that is not what worries security experts most. Much more alarming is where the proceeds go, and this is clearly not about improving living standards of North Korea’s citizens.

Anne Neuberger, the White House’s deputy national security adviser, claims that about half of Pyongyang’s missile program has been funded by cryptocurrency theft. That is a disturbing assertion for many, especially for the country’s closest neighbors. Last year, North Korea conducted a record number of missile tests, and this March alone, more than a dozen missiles were fired.

How to combat North Korea’s crypto-crime

Dennis Desmond, a former FBI special agent and a lecturer in cybersecurity at the University of the Sunshine Coast in Australia, has pointed to the fact that North Korea successfully launders its stolen assets using exchanges and mixers in Asia.

However, the primary problem in fighting North Korea’s cyber-hacking is that Pyongyang does not actually worry about international law enforcement identifying individuals. Nor do the country’s authorities concern themselves with possible economic restrictions as sanctions against the regime are already extreme.

“Private companies such as Elliptic and Chainalysis are experts in identifying and tracking cryptocurrency trades on blockchains and their services are in use worldwide by intelligence and law enforcement agencies,” Desmond told this author.

“However, without the ability to rapidly seize and freeze wallets, it can be almost impossible to recover seized assets,” he said, adding that stolen cryptocurrencies are often laundered through automated processes that take humans and central control out of the picture.

Here the question arises as to what the international community can do in such a situation. Desmond places special emphasis on preventive measures, since North Korea’s tradecraft is largely focused on social engineering.

“Multi-factor authentication protocols, secondary managerial approvals for large trades, and the use of encrypted communications with enhanced security measures will assist in defending against social engineering attacks and unauthorized transfers,” Desmond said.

Further, every exchange and bridge should be equipped with trained personnel to monitor cryptocurrency trades. Employing advanced analytics and AI to monitor blockchain transactions can help identify potential North Korean involvement in cryptocurrency-related criminal activities.

“By analyzing the flow of funds, authorities can detect and intercept illicit transactions. Establishing and reporting these kinds of activities should be a requirement for licensing, with failure to support AML [anti-money-laundering] regulations’ efforts resulting in loss of the ability to conduct business in that country,” the expert noted.
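How a fund-flow trace of the kind Desmond describes might work, as an added example that is not part of the article and not the tooling of Elliptic or Chainalysis: a small transaction graph (constructed sample data, not real chain records) is walked outward from a known theft address, and confidence is downgraded once funds pass a labelled mixer, which is exactly the laundering step that makes recovery hard.

```python
from collections import defaultdict, deque

# Constructed sample ledger, not real chain data: (txid, from_addr, to_addr, amount)
LEDGER = [
    ("tx1", "victim_A", "thief_1", 100.0),
    ("tx2", "victim_B", "thief_1", 50.0),
    ("tx3", "thief_1", "hop_1", 150.0),
    ("tx4", "hop_1", "mixer_X", 150.0),
    ("tx5", "mixer_X", "hop_2", 140.0),
    ("tx6", "mixer_X", "unrelated_1", 300.0),   # mixer output unrelated to the theft
    ("tx7", "hop_2", "exchange_Y_deposit", 140.0),
    ("tx8", "clean_user", "exchange_Y_deposit", 20.0),
]

# Constructed address labels of the kind an analytics provider would supply
LABELS = {"mixer_X": "mixer", "exchange_Y_deposit": "exchange"}


def trace_funds(ledger, seed_addresses, labels, max_hops=6):
    """Breadth-first walk along outgoing transfers from the seed (theft) addresses.
    Returns {address: (hops, confidence)}. Confidence is 'strong' while the chain of
    custody is a plain sequence of transfers and becomes 'weak' for every address
    downstream of a labelled mixer, because a mixer's outputs cannot be matched to
    its inputs by graph-following alone (all of its outputs become suspects)."""
    outgoing = defaultdict(list)
    for _txid, src, dst, _amt in ledger:
        outgoing[src].append(dst)
    reached = {a: (0, "strong") for a in seed_addresses}
    queue = deque(seed_addresses)
    while queue:
        addr = queue.popleft()
        hops, conf = reached[addr]
        if hops >= max_hops:
            continue
        passes_mixer = conf == "weak" or labels.get(addr) == "mixer"
        next_conf = "weak" if passes_mixer else "strong"
        for dst in outgoing[addr]:
            if dst not in reached:          # first arrival wins: shortest hop count
                reached[dst] = (hops + 1, next_conf)
                queue.append(dst)
    return reached


def cash_out_alerts(ledger, seed_addresses, labels):
    """Labelled exchange deposit addresses that received traced funds, i.e. the
    points where a freeze request to the exchange could still be effective."""
    reached = trace_funds(ledger, seed_addresses, labels)
    return sorted((addr, hops, conf) for addr, (hops, conf) in reached.items()
                  if labels.get(addr) == "exchange")
```

Run against the sample ledger, the exchange deposit is reached four hops out but only with weak confidence, and the unrelated mixer output is flagged alongside the real laundering path; both effects show why mixer hops need additional analysis rather than a simple trace.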

Ramping up cooperation among law-enforcement agencies, intelligence communities, and financial institutions is another step in strengthening the protection against cybercrimes.

“Because the DPRK is laundering and cashing out its illicit proceeds through Asian exchanges, there should be enhanced international cooperation and enforcement of AML,” Desmond said. “Creating a coordinated effort to share intelligence and track suspicious transactions will help in disrupting North Korean actors involved in cryptocurrency theft.”

Last but not least, government agencies should take advantage of knowledge provided by well-established blockchain analysis firms.

“Training law enforcement in the investigation of cryptocurrency theft and equipping law enforcement personnel with specialized knowledge and tools such as Elliptic and Chainalysis is crucial. As it currently stands, only specialized units have the skills and technology to track cryptocurrency theft,” the expert highlighted.

What to expect

Desmond believes that eventually, countries will implement more regulatory control over cryptocurrency trades.

“Through technological advancement, there may be a chance to recover stolen funds. Until then, only increased security measures and training will assist with preventing exchanges, bridges and crypto-financial organizations from losing cryptocurrencies through targeted attacks,” the expert concluded.

The nexus of North Korea’s cyber thefts and nuclear program is alarming and carries grave risks. Though impoverished and isolated, this communist autocracy has, surprisingly to some, proved technology-savvy and resourceful. That is why the international community should in no way underestimate this threat and should join forces to reduce the regime’s cybercrime potential.