US Agencies Publish List of North Korea's Alleged Crypto Crimes

The US government urged countermeasures to stymie North Korea's billion-dollar cybercrime campaigns.

AccessTimeIconApr 15, 2020 at 6:05 p.m. UTC
Updated Sep 14, 2021 at 8:29 a.m. UTC

The United States government, in a new warning on Wednesday, outlined an aggressive set of countermeasures it said could stymie North Korea’s highly lucrative and often cryptocurrency-dependent global cybercrime campaigns. 

Pointing to a laundry list of cyber assaults allegedly initiated by North Korean state actors, the U.S. departments of State, Treasury and Homeland Security plus the Federal Bureau of Investigation (FBI) argued that cutting the Hermit Kingdom’s money flow – said to be billions of dollars raised over the past two years including $1.5 billion in crypto – is vital to stopping the rogue regime’s development of weapons of mass destruction. 

“We strongly urge governments, industry, civil society and individuals to take all relevant actions” to stop future attacks from occurring, the agencies said. This includes implementing tough anti-money-laundering frameworks for digital currency, expelling North Korean IT workers, following best cyber practices, and communicating with law enforcement.

Together, these steps could help mitigate a threat the U.S. government is calling “Hidden Cobra.” The crypto focus of this criminal pattern of activity dates back to at least May 2017, when the WannaCry ransomware attack infected hundreds of thousands of computers and demanded bitcoin as ransom. World governments have blamed North Koreans for the hack.

Since then, the U.S. agencies assert, Hidden Cobra's perpetrators have mounted increasingly sophisticated and diverse cyber campaigns – including multiple plots entirely dependent on digital currency. Cryptojacking has collectively raised $25,000 in monero and money laundering has washed hundreds of millions in stolen exchange funds that would otherwise have fallen under sanctions.  

Those campaigns are only expected to rise in prominence. The country is expected to boost its monero activities in 2020 and its $1.5 billion crypto money laundering network is also believed to be ongoing.

“The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent” with international cyberspace norms, according to the U.S. agencies.

U.S officials have maintained a zero-tolerance policy for even the appearance of assisting the North’s crypto operations. Virgil Griffith, an Ethereum developer, was indicted in early 2020 for attending a North Korean crypto conference where he is accused of describing how blockchain systems can be used to evade sanctions. 

North Korea has strongly denied allegations of stealing up to $2 billion dollars in fiat and crypto, calling the accusations “nothing but a sort of a nasty game.” The rest of the world disagrees.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.