Seemingly every week in crypto yields another multimillion-dollar hack or exploit – and with it, reams of memes about North Korea, the supposed culprit.
The Hermit Kingdom’s alleged proficiency in pilfering billions of dollars from crypto protocols has spawned a new category of Kim Jong-Un-focused comedy on Crypto Twitter, the industry’s sometimes moldy water cooler. These memes cast North Korean hackers as master strategists dutifully draining decentralized finance (DeFi) in their race to nuke the world.
Jokes or no, they’re not entirely wrong. The Democratic People’s Republic of Korea (DPRK) has raided crypto exchanges, cross-chain token bridges and companies of over $1 billion in crypto this year alone, according to research firm Chainalysis.
These hacks have real-world implications: Officials have said the money helps fund North Korea’s nuclear weapons program. But in crypto, too, Kim’s shadow looms larger than ever: His hackers’ sloppy laundering of the Ronin hack through mixing service Tornado Cash led to the U.S. government’s first-ever sanctioning of a crypto protocol.
North Korea’s crypto heists stretch back to at least 2017. But it wasn’t until late 2020 that memesters started memorializing them, said DeGen Ping, a pseudonymous market commentator who riffs on Crypto Twitter.
“Then it revived with the Axie hack earlier this year,” Ping said in a Twitter message, referring to Axie Infinity. Now it’s full steam ahead: “People are waking up to the trend.”
The memesters aren’t waiting around for an official declaration of blame, Ping said. Now, every new hack and heist fosters new potential for fresh DPRK content. And there are a lot of hacks and heists from which to choose. One tongue-in-cheek bingo board suggests crypto suffers at least one colossal screwup a month.
“Nobody knows for sure but safe to assume [DPRK is behind it] until proven otherwise,” Ping said.
In the past seven days two episodes have sparked new DPRK memes: BNB Chain’s $500 million drain (a hack), and Solana-based DeFi exchange Mango Market’s $100 million loss (an exploit).
It may not be so far afield to drop the BNB heist at Kim’s feet; the incredible complexity that went into spoofing that Binance-linked blockchain suggests a state actor is at work. But the Mango drain, which saw an attacker manipulate the price of MNGO using tokens secured from a centralized (and thus know-your-customer compliant) exchange, is almost certainly not.
That made no nevermind for Crypto Twitter. In the hours following the heist some Crypto Twitterati speculated (using memes) that Lazarus Group hackers were to blame.
At the root of these memes may be the same weird mix of the professional and the grotesque that Will Gottsegen, CoinDesk's former culture reporter, says is the signature of Crypto Twitter.
“It's sort of like, both the dumbest and the most important platform in crypto,” he said.
On Crypto Twitter, traders can chase funding, influence, clout and fame by flaunting their wit, he said. Memes are a sort of currency in this space. DPRK offers a chance to relate crypto’s in-jokes to national security themes that actually matter to the world.
“In a way the DPRK memes are Crypto Twitter’s attempt at public intellectualism,” he said.
Ascribing such highfalutin themes to, well, s**tposting, isn’t accepted by all. One of the most prolific of these posters, the Twitter account for investor CMS Holdings, thinks the spate of North Korea memes is a function of people having literally nothing better to do.
“Think it's really just dull markets,” he said.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.