North Korean crypto thefts target Japan, Vietnam, Hong Kong

Study finds Japan's $721m loss accounts for 30% of global total since 2017

North Korea is using cyberattacks to target Japanese cryptocurrency assets. Hacker groups affiliated with North Korea have stolen $721 million from Japan since 2017, according to a study by a U.K.-based compliance specialist. That is equal to 30% of the total of such losses worldwide.

Pyongyang is believed to have targeted the crypto assets of other countries to obtain the foreign currency that it uses for its missile program. This could, in turn, threaten the security of Asia.

Elliptic grouped by region businesses whose virtual currency was transferred to electronic wallets used by the Lazarus Group, a North Korean-based hacker group. This is the first case in which the financial losses inflicted by North Korean hackers have been broken down by region or country.

International bodies are waking up to the threat emanating from North Korea. In the joint statement adopted by the Group of Seven finance ministers and central bank governors on Saturday in Japan, top officials acknowledged the “growing threat from illicit activities by state actors” such as the theft of cryptocurrencies, with North Korea’s repeated missile launches in mind.

According to a report released on April 5 by a U.N. Security Council panel of experts, North Korea stole between $600 million and $1 billion in cryptocurrency in 2022, double the previous year’s total. Elliptic estimated the figure at $640 million for 2022.

North Korea employs two main types of cyberattacks: hacking and ransomware. Elliptic’s analysis mostly uncovered hacking — stealing directly from cryptocurrency exchanges. Since it is uncertain whether a particular ransomware attack will be successful, North Korea is thought to be focusing its efforts on direct attacks on exchanges as one successful hack can bring in a huge haul of crypto assets.

According to Elliptic, North Korea has stolen a total of $2.3 billion in cryptocurrency from businesses between 2017 and the end of 2022. Of that, Japan accounted for the largest portion, followed by Vietnam ($540 million), the U.S. ($497 million) and Hong Kong ($281 million).

According to the Japan External Trade Organization, the $721 million stolen from Japan is 8.8 times greater than the value of North Korea’s exports in 2021.

It is thought the hackers have targeted Japan and Vietnam, where cryptocurrency markets have expanded rapidly and many operators have lax security. At least three cryptocurrency exchanges in Japan are thought to have been broken into by North Korean hackers between 2018 and 2021, according to a person familiar with the situation. One, Zaif, lost 7 billion yen ($51.4 million) in 2018. The company has since shut down.

It is difficult for North Korea to obtain foreign currency because of the international sanctions imposed on the country. Cyberattacks are thought to be a national strategy meant to make up for the loss of foreign exchange from North Korea’s greatly restricted coal trade.

The scale activities by North Korean-affiliated groups was first noticed around 2014. In addition to cyberattacks, these groups steal information on defense, health care, and other areas. “The technology of the programs they use is higher than that of attack groups in other countries,” said a cybersecurity expert.

The international community has singled out Pyongyang for criticism. The U.S. government has determined that North Korea was involved in a large number of ransomware attacks that took place worldwide in 2017. In October 2022, Japan’s National Police Agency and other authorities singled out North Korea and called for caution among crypto exchange operators. The U.N. Security Council panel of experts repeated its warning in its 2021 report, saying the country continues to conduct hacking operations to bolster its nuclear and missile programs.

If the stolen cryptocurrency is used for military purposes, this poses a security threat. Japan has strengthened its security by amending its Payment Services Act, and other countries are taking similar steps. However, they have yet to respond to new technologies such as decentralized finance (DeFi), in which financial transactions are conducted by programs on the blockchain, or to support domestic crypto exchange operators in dealing with them.

Cross-border collaboration in the cryptocurrency industry is also critical. Hiroki Iwai, president of Tokyo-based cyber consultancy Sighnt, said, “We need to share threat information, such as attack routes and malware that exploit them, among the public and private sectors and industry associations in each country to raise the level of defense capabilities of each industry, including the financial sector

AKINOBU IWASAWA and REI KOBAYASHI(2023.05.15) “North Korean crypto thefts target Japan, Vietnam, Hong Kong”
retrieved from