North Korea-linked hackers have stolen hundreds of millions of crypto to fund the regime's nuclear weapons programs, research shows.
So far this year, from January to Aug. 18, North Korea-affiliated hackers stole $200 million worth of crypto — accounting for over 20% of all stolen crypto this year,
"In recent years, there has been a marked rise in the size and scale of cyber attacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country's nuclear and ballistic missile programs," said TRM Labs in a .
In that discussion, TRM Labs said there has been a pivot away from North Korea's "traditional revenue-generating activities" — an indication that the regime may be "increasingly turning to cyber attacks to fund its weapons proliferation activity."
Separately, said in a February report that "most experts agree the North Korean government is using these stolen assets to fund its nuclear weapons programs."
The Permanent Mission of North Korea to the United Nations in New York, a diplomatic mission of the regime to the UN, did not respond to CNBC's request for comment.
Since in 2006, the on the reclusive regime — known formally as DPRK, or the Democratic People's Republic of Korea — for its nuclear and ballistic missile programs.
The sanctions, which include bans on financial services, minerals, metals and arms, are aimed at limiting North Korea's access to sources of funding it needs to support its nuclear activities.
Just last month, crypto companies that North Korea-linked hackers are planning to "cash out" $40 million of crypto.
it continues "to identify and disrupt North Korea's theft and laundering of virtual currency, which is used to support North Korea's ballistic missile and Weapons of Mass Destruction programs."
"They are under pretty serious economic stress with international sanctions. They need every dollar they can. And this is just obviously a much more efficient way for North Korea to make money," Nick Carlsen, intelligence analyst at blockchain analytics firm TRM Labs, told CNBC.
"Even if that dollar stolen in crypto doesn't directly go towards the purchase of some component for the nuclear program, it frees up another dollar to support the regime and its programs," said Carlsen.
North Korea-affiliated hackers exploit vulnerabilities in the crypto ecosystem in a variety of ways.
Some examples include phishing and supply chain attacks, as well as through infrastructure hacks which involve private key or seed phrase compromises, TRM Labs said in the report.
According to data from Chainalysis, .
A whopping $3.8 billion was stolen from crypto businesses, primarily from exploiting decentralized finance protocols and by North Korea-linked attackers, said Chainalysis.
In March last year, a record amount of more than $600 million worth of crypto assets from Ronin Bridge in the popular blockchain game Axie Infinity using stolen private keys — passwords that allow users to access and manage funds.
Hackers exploit what's known as a blockchain "bridge," which allows users to transfer their digital assets from one crypto network to another.
North Korean-affiliated cybercriminals reportedly posed as recruiters and lured an engineer from blockchain gaming firm Sky Mavis into believing there was a job opportunity, in June.
The hacker shared a malware-laced document with the victim, enabling the criminals to access the engineer's computer and steal more than $600 million in crypto after they broke into Sky Mavis's digital pets game, Axie Infinity.
"They leverage social engineering and they get themselves into the community. They build relationships and gain access to systems," Erin Plante, vice president of Investigations at Chainalysis, told CNBC.
The U.S. Treasury's Office of Foreign Assets Control and South Korea's authorities has against several entities and individuals for helping fraudulently obtain employment overseas and launder illicitly obtained funds back to North Korea.
"They target employers located in wealthier countries, utilizing a variety of mainstream and industry-specific freelance contracting, payment, and social media and networking platforms," said the , adding that North Korean IT workers often take on projects that involve virtual currency.
"DPRK IT workers also use virtual currency exchanges and trading platforms to manage digital payments they receive for contract work as well as to launder these illicitly obtained funds back to the DPRK."
