What has made North Korea a hacking powerhouse? Cryptocurrency has become a key battleground.


A North Korean hacker group obtained $625 million in the Ronin cross-chain bridge incident and took $100 million from the Harmony cross-chain bridge, showing a strong track record in major cryptocurrency hacking incidents. An anonymous account, TheDeFiEdge, analyzed why North Korean hackers have flourished:


After World War II, North Korea was supported by the Soviet Union, while South Korea was supported by the United States. South Korea has prospered over the past few decades, while North Korea has become one of the poorest countries in the world.

This is because North Korea has been under economic sanctions for decades, and its supporter, the Soviet Union, also collapsed in the 1990s. In 2019, North Korea's GDP was $18 billion, accounting for about 0.02% of the world economy.

TheDeFiEdge stated that despite sixty percent of North Koreans living below the poverty line, the Kim regime still lives a luxurious life. Why is that?

"Room 39," officially called Bureau 39, is a government organization responsible for North Korea's overseas financial activities, with funds distributed to military leaders and the ruling elite.

Because of economic sanctions, Bureau 39 had to find alternative routes into the modern financial system: criminal and illegal activities. Rumors suggest that the high-quality counterfeit currency known as the "Superdollar" is produced by North Korea. Methamphetamine manufacturing, with distribution by Chinese triads and Japanese Yakuza, and human trafficking are also sources of income.

TheDeFiEdge believes that this has also led to hacking and cyber warfare. Hacking is attractive because it offers asymmetric rewards, is easily deniable, and is cheaper than launching a military attack. Even if the attackers are caught, Western powers cannot retaliate. TheDeFiEdge mentioned that these hackers are cultivated from a young age: elites are selected and sent to China and Russia for cyber warfare training.

He also reviewed North Korea's past hacking record. North Korea has never admitted to committing any of these crimes; most of the accusations come from the United States:

  • In 2014, Sony was hacked over a comedy film depicting the assassination of the North Korean leader. The hackers leaked four unreleased movies to file-sharing sites and publicly disclosed internal employee salaries and performance evaluations, along with a large amount of other internal information.
  • In 2016, the Bangladesh Central Bank was hacked, resulting in the transfer of $1 billion worth of funds.
  • In 2018, the WannaCry ransomware locked data on Windows computers and demanded ransom in Bitcoin.

Later, they moved into cryptocurrency theft because it is highly profitable and makes money laundering more convenient. In the Bangladesh Central Bank case, for instance, the stolen funds were transferred to the Philippines and laundered through the gambling industry. Laundering with cryptocurrency is even more convenient, since mixing through protocols like Tornado Cash is sufficient.

In March this year, they made $600 million in the Ronin cross-chain bridge incident and took $100 million in the Harmony cross-chain bridge. Many blockchain analysis institutions believe these were carried out by North Korean hackers.

TheDeFiEdge believes that what these hacking incidents have in common is that they target cross-chain bridges and tend to focus on Asian companies. Most attacks are carried out through social engineering lures that deliver malicious files.

TheDeFiEdge warns that the lesson is to be wary of social engineering attacks. Although three North Korean hackers have been indicted by the United States in the past, they have not been captured.