Type to search

North Korea Crypto Theft at Record High in 2022: UN Report

Independent sanctions monitors said South Korea estimated that North Korean-linked hackers stole virtual assets worth $630 million last year

Cryptocurrency and US dollar stock image
Cryptocurrency and US dollar stock image. Image: David McBee / Pexels.


North Korea stole a record amount of cryptocurrency assets in 2022 using “increasingly sophisticated” methods, according to a currently confidential report by the United Nations report.

Hackers from the country targeted networks of foreign aerospace and defence companies, the report said.

Independent sanctions monitors said South Korea estimated that North Korean-linked hackers stole virtual assets worth $630 million in 2022. Another cybersecurity firm assessed that North Korean cybercrime yielded cybercurrencies worth more than $1 billion.


Also on AF: Baidu Finishing Tests in March for ChatGPT-Style ‘Ernie Bot’


“The variation in USD value of cryptocurrency in recent months is likely to have affected these estimates, but both show that 2022 was a record-breaking year for DPRK (North Korea) virtual asset theft,” the UN report said.

US-based blockchain analytics firm Chainalysis last week reached the same conclusion. North Korea-linked hackers such as those in the cybercriminal syndicate Lazarus Group have been by far the most prolific cryptocurrency hackers, stealing an estimated $1.7 billion worth of in multiple attacks last year, the report said.

The Lazarus group has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment.

Last May, China and Russia vetoed a US-led push to impose more UN sanctions on North Korea. This included a proposed asset freeze on the Lazarus hacking group.


Phishing through LinkedIn, Whatsapp

“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” the sanctions monitors reported to a UN Security Council committee.

The monitors said most cyber attacks were carried out by groups controlled by North Korea’s primary intelligence bureau – the Reconnaissance General Bureau. It said those groups included hacking teams tracked by the cybersecurity industry under the names Kimsuky, Lazarus Group and Andariel.

“These actors continued illicitly to target victims to generate revenue and solicit information of value to the DPRK including its weapons programmes,” the UN report said.

The sanctions monitors said the groups deployed malware through various methods including phishing. One such campaign targeted employees in organizations across various countries.

“Initial contacts with individuals were made via LinkedIn, and once a level of trust with the targets was established, malicious payloads were delivered through continued communications over WhatsApp,” the UN report said.

It also said that, according to a cybersecurity firm, a North Korean-linked group known as HOlyGhOst had “extorted ransoms from small- and medium-sized companies in several countries by distributing ransomware in a widespread, financially motivated campaign.”

The UN report, submitted to the 15-member council’s North Korea sanctions committee on Friday, cited information from UN member states and cybersecurity firms. It is due to be released publicly later this month or early next month, diplomats said.


  • Reuters with additional editing by Vishakha Saxena


Also read:

Crypto Crash Hits Proceeds of North Korean Hacker Heists

N Korea Hackers Prime Suspects in $100m Harmony Crypto Heist

Pyongyang Trying to Place Hackers in Foreign Firms, Says US

China, North Korea Among Suspects in US Courts Data Breach


Vishakha Saxena

Vishakha Saxena is the Multimedia and Social Media Editor at Asia Financial. She has worked as a digital journalist since 2013, and is an experienced writer and multimedia producer. As a trader and investor, she is keenly interested in new economy, emerging markets and the intersections of finance and society. You can write to her at [email protected]


AF China Bond