North Korean state-sponsored cryptocurrency theft has become a “fundamental part” of the country’s illicit financing activities to fund its nuclear and missile programs, a United Nations independent expert said on Wednesday, urging the international community to reinforce its sanctions framework and regulations to block cyber financial crime.
Eric Penton-Voak, a coordinator at the UN Security Council’s Panel of Experts (PoE) which monitors enforcement of sanctions on North Korea, cited cryptocurrency theft as the key reason for a “marked acceleration” in the country’s missile test launches over the last six months.
Increasingly since around 2017, “a variety of sources of cryptocurrencies has become a fundamental part of (the) DPRK sanctions evasion framework, enabling their WMD programs to continue to develop,” Penton-Voak said during an event hosted by the Washington-based Center for a New American Security.
Penton-Voak underscored that the existing UN sanctions framework focusing on strictly restricting traditional financial services is not sufficient to deter and stop North Korea’s cyber-enabled financial crime.
“It may be no coincidence that the words ‘cyber’ and ‘cryptocurrency’ do not actually appear in the UN sanctions resolutions,” he said.
The UN PoE member emphasized that UNSC sanctions resolutions have not established any provisions that forbid cryptocurrency theft. He called on the international community to come up with ways to prevent North Korea from capitalizing on the weakness of cryptocurrency markets.
“At present, it’s too easy and low risk for Lazarus and others to exploit the cutting edge of new financial technologies in order to steal funds,” Penton-Voak said. The Lazarus hacking group is believed to be controlled by North Korea’s primary intelligence bureau, the Reconnaissance General Bureau and responsible for major cyberattacks, including the 2017 WannaCry ransomware attacks.
“We see that DPRK cyber actors always go to the weakest point. They look at nonregulated areas. They look at really interesting and very gray, new areas of cryptocurrency because actually, A -- no one really understands them, and B -- they can exploit weakness,” Penton-Voak said.
UN should step up efforts
North Korea state-sponsored hackers are very skilled at extorting cryptocurrency, a “very low cost and low risk means of stealing money,” the UN PoE member said.
“They’re right on the cutting edge of cyber techniques, as you may have seen in the most recent hack of the Axie Infinity video game.”
The US Federal Bureau of Investigation last Thursday publicly accused cyber hackers associated with the North Korean government of stealing $620 million worth of cryptocurrency from the nonfungible token-based Axie Infinity video game company in late March.
Following the massive crypto theft, the FBI, the Cybersecurity and Infrastructure Security Agency and the US Treasury Department on Monday issued a joint cybersecurity advisory. The advisory aims to “highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020.”
Penton-Voak underscored that blockchain analysis will be a central tool in tracking illicit financial flows and remain fundamental to any country’s ability to watch “bad guys.”
But annual reports written by the PoE do not really reflect the central importance of cyber-enabled financial crime despite the gravity of the issue, he said, underlining that the PoE reports “really ought to focus on the most important means of sanctions evasion.”
One of the difficulties in gathering information stems from the reluctance of UN member states to discuss how hacks happened and how extensive they were, he said.
“I do hope and expect that our reports in the future will rather better reflect the central importance of cyber-enabled financial crime to the DPRK,” Penton-Voak said.
Penton-Voak expressed regret at the UN PoE’s sole focus on investigating cyber activities that violate UN sanctions, since they lack a mandate to look at broader cyber espionage or cyber warfare.
“The sooner that DPRK methodologies can be exposed and understood, the sooner action can be taken by the cryptocurrency exchanges,” he said.
N. Korea exploits vulnerabilities of crypto market
A US-based expert also pointed out that North Korea has advanced and utilized techniques such as cryptocurrency mixers and decentralized finance (DeFi) platforms particularly to launder funds, while exploiting the gap between technological advancements and regulation mechanisms.
“We’ve noticed that the rate by which cryptocurrency and financial technologies evolve continues to far outpace the rate by which national governments and international institutions are able to regulate and understand them,” Jason Bartlett, a research associate for the Energy, Economics, and Security Program at the Center for a New American Security, said during the event.
“And this is a major vulnerability that the North Korean hackers continue to exploit.”
Bartlett said “North Korea will likely continue to use these new and evolving financial technologies as they remain heavily vulnerable and unregulated compared to more traditional forms of finance.”
Nick Carlsen, an analyst at the US blockchain intelligence company TRM Labs, said that more than 50 percent of major crypto hacks are conducted by North Korean hackers overall.
Carlsen added that the North Korean regime has directly spearheaded cryptocurrency theft, pointing to the speed, efficiency, and “systemized process” in stealing, laundering, and converting cryptocurrency to fiat currency.
“It’s basically the modern-day equivalent of the Barbary pirates. This is a country that is engaged in state-sponsored bank robbery. It’s not traditional espionage,” Carlsen said.
“This is hundreds of millions of dollars that are being used to support weapons programs and destabilizing activities. It’s just a completely unique, singular target.”