How North Korea became a mastermind of crypto cybercrime
Created by a Vietnamese gaming studio, Axie Infinity offers players the chance to breed, trade, and fight Pokémon-like cartoon monsters to earn cryptocurrencies including the game’s own “Smooth Love Potion” digital token. At one stage, it had more than a million active players.
But earlier this year, the network of blockchains that underpin the game’s virtual world was raided by a North Korean hacking syndicate, which made off with roughly $620 million in the ether cryptocurrency.
The crypto heist, one of the largest of its kind in history, was confirmed by the FBI, which vowed to “continue to expose and combat [North Korea’s] use of illicit activities—including cybercrime and cryptocurrency theft—to generate revenue for the regime.”
The successful crypto heists illustrate North Korea’s growing sophistication as a malign cyber actor. Western security agencies and cyber security companies treat it as one of the world’s four principal nation-state-based cyber threats, alongside China, Russia, and Iran.
According to a UN panel of experts monitoring the implementation of international sanctions, money raised by North Korea’s criminal cyber operations is helping to fund the country’s illicit ballistic missile and nuclear programs. Anne Neuberger, US deputy national security adviser for cyber security, said in July that North Korea “uses cyber to gain, we estimate, up to a third of their funds for their missile program.”
Crypto analysis firm Chainalysis estimates that North Korea stole approximately $1 billion in the first nine months of 2022 from decentralized crypto exchanges alone.
The rapid collapse last week of FTX, one of the biggest exchanges, has highlighted the opacity, erratic regulation, and speculative frenzies that have been the central features of the market for digital assets. North Korea’s growing use of crypto heists has also served to demonstrate the absence of meaningful international regulation of the same markets.
Analysts say the scale and sophistication of the Axie Infinity hack exposed just how powerless the US and allied countries appear to be to prevent large-scale North Korean crypto theft.
Only about $30 million of the crypto loot has since been recovered. That was after an alliance of law enforcement agencies and crypto analysis companies traced some of the stolen funds through a series of decentralized exchanges and so-called “crypto mixers,” software tools that can shuffle the crypto holdings of different users so as to obfuscate their origins.
In one of the few law enforcement actions since the theft, in August the US sanctioned the Tornado Cash mixer, which the US Treasury said had been used by the hackers to launder more than $450 million of their ethereum haul.
The US has since designated the crypto mixer, alleging the tool was used to support North Korean hackers who were in turn supporting the country’s weapons of mass destruction program.
It also highlights the opportunities afforded by the unregulated world of crypto to many other rogue regimes and criminal actors around the world, with experts warning that the problem is likely only to get worse over the decade as crypto exchanges are increasingly decentralized and more goods and services—legal and illicit—are made available for purchase with cryptocurrency.
“We are not anywhere near where we need to be when it comes to regulating the cryptocurrency industry,” says Allison Owen, a research analyst at RUSI’s Centre for Financial Crime and Security Studies. “Countries are taking steps in the right direction, but North Korea will continue finding creative ways to evade sanctions.”