North Korean Hackers Boost Pyongyang’s Crypto Reserve

April 7, 2025 — By Julian Ryall

In a startling revelation, North Korea has reportedly amassed the third-largest Bitcoin reserve in the world, trailing only behind the United States and the United Kingdom. This significant accumulation of assets comes in the wake of several high-profile cryptocurrency heists that underline the nation’s reliance on illicit financial activities to bolster its economy.

A Surge in Illegitimate Crypto Accumulation

Experts suggest that North Korean hackers have siphoned off billions of dollars in cryptocurrency in recent years, enabling the impoverished nation to maintain its costly weapons programs. A prime example of this activity occurred in late February when the Lazarus Group, a notorious North Korean hacking collective, stole a staggering $1.5 billion (approximately €1.37 billion) from Dubai-based cryptocurrency exchange ByBit. This heist involved breaching the exchange’s digital wallet for Ethereum, the world’s second-largest cryptocurrency.

According to Binance News, North Korea now holds about 13,562 Bitcoins, valued at around $1.14 billion. This cryptocurrency is increasingly perceived as an asset resistant to inflation, drawing comparisons to gold.

The Tactics Behind the Thefts

Aditya Das, an analyst at Brave New Coin, emphasized that the bulk of North Korea’s crypto accumulation is the result of theft. He stated, "Global policing agencies like the FBI have publicly warned that North Korean state-sponsored hackers are behind numerous attacks on cryptocurrency platforms." Despite these warnings, security vulnerabilities within the industry continue to be exploited.

North Korean hackers are particularly skilled in social engineering, a tactic that involves manipulating employees to gain access to secure systems. Das explained, "Many of their operations involve infiltrating employee hardware, then using that access to breach internal systems or lay traps from the inside." Their primary targets include crypto startups, exchanges, and decentralized finance (DeFi) platforms, which often lack robust security measures.

Recovery of Stolen Funds is Rare

Once cryptocurrencies are stolen, recovery is alarmingly infrequent. The very nature of cryptocurrency makes transactions irreversible, and retaliating against North Korean operatives poses significant challenges. "These are nation-state actors with top-tier cyber defenses," noted Das.

The methods employed by elite North Korean hackers are sophisticated, often requiring time and careful strategy to infiltrate legitimate organizations. One such group, known as Sapphire Sleet, has been known to lure victims into downloading malware disguised as job applications or meeting tools, effectively turning them into unwitting accomplices in their attacks.

Cryptocurrency as a Lifeline for North Korea

Legal expert Park Jung-won, from Dankook University, remarked on the shift in North Korea’s funding methods. Previously reliant on smuggling narcotics and counterfeit goods, North Korea has found a "huge opportunity" in cryptocurrency, which has become essential for the survival of Kim Jong Un’s regime. "Without it, they would have been completely without funds," Park stated. He posits that the stolen cryptocurrency primarily funds military advancements and the ruling elite.

The Indifference of North Korea to International Pressure

Given North Korea’s entrenched reliance on these illegal activities, Park posits that there is little hope for change. "For Kim, the survival of his dynasty is the most important priority," he added. The nation has become accustomed to this revenue source and shows no intention of complying with international laws.

Das concurred that influencing North Korea’s behavior remains a daunting challenge. He urged crypto firms to adopt stringent security measures, emphasizing the need for industry-wide information sharing to enhance defenses against North Korean tactics.

The Call for Improved Security Standards

Despite the growing momentum for sector-wide collaboration to detect and thwart North Korean cyberattacks, Das identifies a significant hurdle: the lack of universal security standards in the decentralized world of cryptocurrency. In many cases, firms still prioritize rapid development over security, leaving them vulnerable.

Das explained, "In the Bybit case, the attackers exploited a multi-signature wallet system designed for enhanced security, ironically turning this security feature against its users." Until security becomes a top consideration, the risk of future attacks remains high.

As North Korea continues to bolster its cryptocurrency reserves through illicit means, the international community watches closely for potential responses and the implications these actions may have on global security and financial stability.

Julian Ryall is a journalist based in Tokyo, focusing on political, economic, and social issues in Japan and Korea.

Share this article: