Hackers from North Korea have sent around US$52.46 million worth of cryptocurrencies to digital asset exchanges in South Korea since 2019 in an effort to evade sanctions or to launder the money, said Yoon Han-hong, a South Korean lawmaker, on Wednesday.
Yoon, a member of the ruling People Power Party, cited an investigation by New York-based blockchain data firm Chainalysis and had requested this report.
The data may help substantiate rising suspicions that hackers in the Democratic People’s Republic of Korea (DPRK), the official name of North Korea, were laundering funds through exchanges of South Korea, local media reported.
“The total amount of fund inflow [into exchanges in South Korea and overseas] from North Korean hacker groups has been constantly growing,” said the Chainalysis report that Yoon provided to Forkast.
The blockchain data firm, which has worked with the U.S. Federal Bureau of Investigation (FBI) and Europol in tracking the criminal use of cryptocurrencies, revealed it had identified the amount by tracing multiple intermediary deposit addresses that have been exposed to crypto wallets that belong to DPRK hackers.
“[Crypto] is essentially the only investment measure [North Korea] has,” Hwang Suk-jin, a professor of information security at Seoul-based Dongguk University, told Forkast in an interview.
“As it can be liquidated anywhere in the world, I believe [crypto] is used to launder funds for the regime and in managing intelligence operations,” said Hwang, who has previously worked with South Korean law enforcement and the Ministry of National Defense in financial crime investigations.
See related article: North Korea funds missiles with cyberattacks on crypto exchanges: Reuters
Hwang mentioned that crypto stolen by DPRK actors could be everywhere, and that the amount revealed today could be just the tip of the iceberg. “There are gestures of entities [suspected as North Korea-backed] trying to cash out cryptocurrencies in exchanges outside of Korea, we just aren’t certain yet that they are actually supported by the DPRK,” Hwang added.
DPRK, which recently conducted missile tests over Japan, is also reportedly funding its nuclear weapons program in part with crypto cyberattacks on exchanges. North Korea has said its recent launches were simulations of nuclear attacks on South Korea.
Chainalysis reported earlier this year that the DPRK stole nearly US$400 million across seven cyberattacks on cryptocurrency exchanges in 2021. The FBI also accused North Korea of conducting the US$620 million crypto heist on Axie Infinity’s Ronin Bridge, and blockchain analytics firm Elliptic accused the state for hacking US$100 million out of the Horizon Bridge of Harmony. Both cyberattacks, which took advantage of bridges that enable interaction between two blockchains, took place earlier this year.
South Korean media reports that local crypto exchanges may become a “playground” for North Korean hackers.
“Through [South Korean] exchanges, [North Korean hackers] will liquidate [the crypto] which will be transferred to a third country and then delivered back to North Korea,” Hwang told Forkast.
Over the last two years, South Korea introduced two, strict anti-money laundering laws to its crypto sector: the Special Financial Transaction Information Act and the Travel Rule.
The former mandates all local exchanges to have its users using fiat-to-crypto services to transact under their real names. The latter, established by the Financial Action Task Force, requires crypto businesses to collect and save personal information of the sender and the receiver in any transaction exceeding one million South Korean won (US$700).
See related article: US$30 mln seized from North Korea hacking group: report
Be that as it may, says Hwang, North Korean hackers still have their way of circumventing these regulations.
“We can say the Travel Rule prepared a basic safety device, but it is still limited in stopping transactions using identity theft or under a borrowed name,” said the security expert, who also added that the Travel Rule was not in effect in many other countries.
South Korea being pegged as a “playground” for DPRK hackers may cause serious damage to the overall credibility of the country.
“The country may become a target of a secondary boycott in part because of the sanctions against North Korea, and may receive a negative appraisal as a uncooperative state in stopping money laundering,” the Dongguk University professor explained.
In order to effectively prevent DPRK’s crypto funds from utilizing local exchanges, Hwang says South Korea will need to ramp up legal consequences on criminal liability for transacting under borrowed names or purchasing by proxy.