Plutonium for Bitcoins: how North Korea funded its nuclear program with crypto…

…And what we can learn from it about Russia’s strategy.

Heavy sanctions, first imposed on North Korea by the UN back in 2006, forced the regime to develop other strategies for funding its nuclear program. The most lucrative turned out to be cybercrime, especially crime that exploits cryptocurrencies and blockchain technology. Ironically, a government that supports crypto-related crime on a massive scale cannot boast a tech-savvy population. Experts estimate that only a narrow circle of North Korean elites has access to the Internet, which they reach through Russian and Chinese telecom companies.

The Lazarus Group

According to Chainalysis, North Korean hackers extracted nearly $400m worth of digital assets in 2021 alone. The attacks mainly targeted investment firms and centralized exchanges, using malware and elaborate social engineering. Most of the attacks were likely carried out by a single hacker group, APT 38, also known as Lazarus Group.

Chainalysis chart featuring total value hacked by North Korean hackers over 2017-2021
Source: Chainalysis

Lazarus first gained fame after the 2014 Sony Pictures attack and the 2017 WannaCry ransomware outbreak. The same group attempted to steal $1.2b from banks using fraudulent SWIFT messages, created fake crypto apps to trick users into installing malware, developed a scam coin known as Marine Chain Token, and attacked servers to mine crypto on them. According to the UN Security Council, the revenue generated by Lazarus goes to support North Korea's ballistic missile programs.

The most recent reported success of North Korean hackers is the Ronin bridge attack, worth over $600m. According to researchers from Elliptic and Chainalysis, the breach, named the biggest crypto hack in history, was orchestrated by Lazarus Group, which then used the Tornado.cash mixer to launder the proceeds.

Crypto laundering

North Korean hackers go through a complex process that involves decentralized exchanges, crypto mixers, and crypto-to-fiat Asian exchanges to launder stolen crypto. According to Chainalysis, the typical operation is done in the following steps:

  • ERC-20 tokens and altcoins are swapped for Ether via a decentralized exchange (DEX)
  • Ether is mixed
  • Mixed Ether is swapped for Bitcoin via DEX
  • Bitcoin is mixed
  • Mixed Bitcoin is consolidated into new wallets
  • Bitcoin is sent to deposit addresses at crypto-to-fiat exchanges based in Asia, the potential cash-out points

In fact, the share of crypto mixers in laundering mechanisms has drastically increased since 2017, indicating that hackers have adopted a more cautious approach.

Chainalysis chart featuring laundering mechanisms used by DPRK
Source: Chainalysis

How does North Korea have good hackers?

However, it is not all theft from exchanges and institutions. North Korea also legally obtains crypto through mining. According to the 2019 report from Insikt Group, the sanctioned country mines at least three cryptocurrencies – Bitcoin, Litecoin, and Monero, with the latter’s share increasing. Monero is fully anonymous and can be mined by non-specialized machines, making it a preferable choice over Bitcoin for North Koreans. The country possesses large coal deposits it can’t export due to the ban, so mining crypto looks like the most logical way to profit from them.

One may ask how a country where 99% of the population has no access to the Internet can orchestrate such complex and effective attacks. The answer is that the North Korean government values knowledge and is ready to put money and effort into raising qualified professionals. As the Insikt report shows, North Korea sends its citizens around the world as students – mainly to China and India – to acquire the necessary skills and bring them back to the country.

The story of Virgil Griffith

We can only guess what other channels North Korea uses to source knowledge. Still, the overall picture becomes clearer when we take a closer look at the available scraps of information. Recently, the case of Virgil Griffith made headlines: a very senior employee of the Ethereum Foundation, he was sentenced to over five years in prison and fined $100,000 for giving a talk at the “Pyongyang Blockchain and Cryptocurrency” conference in North Korea.

Referring to Virgil’s case, Ethereum co-founder Vitalik Buterin doubted that the EF employee gave North Korea any sensitive information. “I don't think what Virgil did gave DRPK any kind of real help in doing anything bad. He delivered a presentation based on publicly available info about open-source software. There was no weird hackery ‘advanced tutoring,’” he tweeted on December 1, 2019. Buterin also added that Virgil made no personal gain from the trip.

However, US authorities thought otherwise. “Griffith’s presentations at the DPRK Cryptocurrency Conference had been approved by DPRK officials and focused on, among other things, how blockchain technology such as “smart contracts” could be used to benefit the DPRK, including in nuclear weapons negotiations with the United States,” the US Justice Department says in its press release. Officials also believe Griffith planned to facilitate the exchange of cryptocurrency between the DPRK and South Korea and attempted to recruit other U.S. citizens to provide similar services to the North Korean government.

What conclusions can we draw from Virgil’s story? First, North Korea organizes conferences on crypto and blockchain to facilitate knowledge transfer. Second, the country is actively looking to cooperate with foreign experts. In that light, Griffith may not be the only one who aided North Korea, just the only one who has been caught so far.

What will Russia do?

Given this overview of North Korea’s crypto strategy, can we expect Russia to go the same way? I think yes, since the country has already turned its eyes to crypto – today the Federal Tax Service proposed to settle payments with “friendly states” in BTC and ETH, as most of Russia’s foreign currency accounts are frozen. And since the list of Russia’s “friendly states” includes Cuba, Venezuela, Iran, and North Korea, we would witness an interesting case of an alternative banking system built by rogue states.

However, Russia is unlikely to become an “ancap paradise” since its hard stance on crypto for ordinary citizens remains unchanged. Current legislation establishes banks as intermediaries between exchanges and investors. All crypto wallet holders have to go through a KYC procedure and open a special bank account to be able to trade cryptocurrencies legally. The “Transparent Blockchain” service allows authorities to create a database of wallets, trace transactions, and identify suspicious operations.

Russia also plans to tax and regulate crypto mining and move mining farms to regions with cheap energy. According to Bloomberg, Vladimir Putin supported the proposal despite central bank opposition, pointing out that Russia has an electricity surplus and well-trained personnel. Crypto mining will help the country mitigate the impact of sanctions and address currency shortages. Given the cheap energy and cold climate, Russia can probably advance from being the world’s third-largest crypto miner to being second or even first.