North Korea-Russia Cyber Alliance

On-chain data shows that hacking groups linked to the Democratic People’s Republic of Korea (DPRK) are increasingly using Russia-based cryptocurrency exchanges notorious for laundering illicit digital assets.

This finding coincides with growing concerns raised by independent sanctions monitors regarding North Korea’s evolving strategies in the realm of cyber warfare. An imminent United Nations report sounds the alarm, cautioning that the DPRK is deploying increasingly sophisticated cyberattacks to fund its nuclear missile programs. These “state-sponsored” hacking groups have set their sights on cryptocurrency and financial exchanges worldwide.

$21.9M Crypto Theft

According to data from Chainalysis, a blockchain analysis firm, a staggering $21.9 million in cryptocurrency stolen from Harmony Protocol was recently transferred to a Russia-based exchange well known for facilitating illicit transactions. Chainalysis also has compelling evidence that DPRK entities have been using Russian services, including this very exchange, for money laundering since 2021. This latest development represents a significant escalation in the cyber cooperation between these two nations. A Chainalysis Reactor graph maps the movement of the stolen Harmony funds to the Russian exchange.

This revelation not only underscores a potent alliance between North Korean and Russian cybercriminals but also presents a formidable challenge to global authorities. Russia’s longstanding reputation for non-cooperation with international law enforcement efforts casts a grim shadow over the prospects of recovering stolen funds redirected to Russian exchanges. While mainstream centralized exchanges, often favoured by North Korean hackers, have historically cooperated with authorities, Russian exchanges and law enforcement agencies have shown a consistent pattern of non-compliance, severely diminishing the chances of asset recovery.

Figure: Chainalysis Reactor graph showing some of the movement of stolen Harmony funds to the Russian exchange.

DPRK Hacking Trends

As 2023 approaches its conclusion, a paradoxical trend emerges in DPRK-associated hacking activities. Chainalysis data reveals that the total value of stolen cryptocurrency attributed to DPRK groups has surpassed $340.4 million this year, a marked decrease from the more than $1.65 billion in stolen funds reported in 2022. While North Korean hackers are poised to steal significantly less cryptocurrency than in the previous year, it is crucial to recognize that the astronomical figures from 2022 set an exceptionally high bar.

With the cumulative cryptocurrency theft estimated at a staggering $3.54 billion, the DPRK remains a hotbed for hacking activities and continues to pose one of the most significant ongoing threats in the cybercrime landscape. The alarming partnership between North Korean hackers and Russian exchanges underscores the urgent need for international cooperation and heightened vigilance in countering these ever-evolving cyber threats.