It was a surprising interview for recruiter Elliott Garlock. While screening candidate engineers for a crypto firm in February, Garlock encountered an applicant who raised nearly every conceivable red flag.
It was an awkward and inconclusive interview. Worst of all, it was the first of many. Garlock, founder of the recruiting firm Stella Talent Partners, soon encountered another, almost identical, candidate. Then another, and another, and another.
“I got annoyed after a while, because it was a complete waste of time,” Garlock said. “I actually thought the scam was that they were offshore, trying to take advantage of remote work just to get paid for not working.”
Now a new hypothesis has emerged: the job interviewers were North Koreans trying to cash in on the reunified nation. This is in line with warnings from both the FBI and the Treasury Department, which have warned the cryptocurrency industry about the growing threat posed by North Korea.
The threat is more than theoretical, as a devastating hack in March showed. The Lazarus Group, a hacking organization affiliated with the North Korean government, managed to mine over $600 million in crypto from the blockchain used by the NFT game Axie Infinity. North Korean hackers stole $840 million in the first five months of 2022, $200 million more than what was stolen in 2020 and 2021, according to Channel Analysis data.
This is an unusual result. Ann Neuberger, deputy national security adviser in the Biden administration, estimates that about a third of North Korea’s loot goes to its weapons program, including nuclear weapons. It is also involved in the country’s espionage operations. When two South Koreans were revealed earlier this year to have been stealing military information for a North Korean spy, it turned out they were paid in Bitcoin.
“Crypto is essential to North Korea now,” said Nick Carlson, a former North Korea analyst at the FBI who now works for crypto-security firm TRM Labs. “By any standard, they are a crypto superpower.”
A crypto superpower with nuclear weapons, that is. North Korea observers say a country whose crypto capability is directly funding the development of nuclear weapons, with the possibility of a new nuclear test increasing. Rogue nation ramps up ballistic missile tests in past 10 days: More than 5 million residents of Japan were told to take immediate shelter on Wednesday after North Korea launched a missile over the island of Hokkaido. It is highly likely that this, too, was at least partially funded by stolen cryptocurrency.
The Democratic People’s Republic of Korea, as North Korea is officially known, has come to rely heavily on crypto since the start of the pandemic. It historically relied on black market trade, exporting coal, meth, cigarettes and labor to Southeast Asia, Russia, and especially China. But leader Kim Jong-un’s zero-covid strategy has closed borders, reducing the country’s already meager revenues. Trade with China, by far North Korea’s biggest economic partner, fell by 80 percent in 2020, and reports of food shortages abound. At the same time, cryptocurrency values are skyrocketing.
Despite the recent crypto crash, Bitcoin is trading 250% higher than before the pandemic. Ether, the second largest cryptocurrency, is up more than 700%.
Garlock estimates he encountered a dozen candidates he now believes to be North Korean operatives between February and April. None of them were handed over to any of his client companies, which is fortunate. North Korean hackers have shown that they can do a lot of damage if they manage to trick just one person.
While the exact details of the buyers are unclear, there is little doubt about where the profits from North Korea’s stolen crypto are funneled. “It’s going into illegal weapons programs,” said RAND’s Soo Kim. “It’s going to fund Kim’s lavish lifestyle.” Illicitly-earned crypto profits are funding North Korea’s weapons program, the Treasury has also flagged.
The threats posed by Kim’s weapons program have been simultaneously highlighted and overshadowed by the political spectacle of Donald Trump’s presidency. But more than half a million Japanese residents were reminded of the dangers on Wednesday when North Korea fired ballistic missiles over the island of Hokkaido. The launch triggered Hokkaido’s air raid warnings, and any residents watching the TV were urged to take shelter immediately.
It was North Korea’s fifth launch in a week, with other missiles landing in the seas of Korea and Japan. After remaining relatively quiet during the pandemic, the Kim regime has again taken an aggressive stance against its arch-rivals, the United States and South Korea. In September, North Korea’s parliament rubber-stamped a new law that would have fired nuclear missiles if South Korea or the United States tried to kill Kim.
When new South Korean President Yoon Seok-yul offered Kim economic incentives to denuclearize, the DPRK government refused. Kim’s sister, Yoo Jong, said Yoon was “still childish” and “should keep her mouth shut.”
“Nobody trades their destiny for a corn cake,” he added.
The Bulletin of Atomic Scientists has identified North Korea as one of the potential flashpoints of a nuclear war. Created by Albert Einstein after the atomic bombings of Hiroshima and Nagasaki, the Bulletin maintains a doomsday clock. As unpleasant as your 6 a.m. alarm may be, this alarm clock is far worse: The closer the doomsday clock gets set to midnight, the closer scientists predict we’ll be to our end. .
In January, it was set so late in its 75-year history: 100 seconds to midnight. For comparison, after the Soviet Union detonated the first atomic bomb in 1949, the Doomsday Clock was set to 3 minutes to midnight. When the Soviet Union dissolved in the early 1990s, the clock went back to 17 minutes to midnight.
Recent fears about nuclear war are understandably focused on Ukraine. Faced with embarrassing battlefield setbacks in his war there, Putin has made clear nuclear threats. Another problem is Iran, which is slowly building its nuclear capability. Like North Korea, Iran is also surrounded by economic sanctions. But the Khamenei administration is happy with the flowing oil reserves. North Korea is unique in its use of cryptocurrency to evade sanctions related to its nuclear program.
North Korea’s recent missile tests are believed to be partly in response to US Vice President Kamala Harris’ visit to South Korea in September. Experts like RAND’s Soo Kim believe they foreshadow a nuclear weapons test, which would be the first since September 2017.
“Some people think it’s grumbling and, to an extent, there’s going to be a little bit of that,” Kim said. “But if Kim [Jong-un] wasn’t serious about using weapons, he wouldn’t be displaying them, he wouldn’t be praising them, and he wouldn’t be doing them as diligently.”
Nuclear weapons serve as an invaluable set of cards for North Korea, Rands Kim explained. Even if it has no intention of ending its weapons program, the government can play its hand when needed. The stakes are so high that officials in Washington and Seoul are forced to take notice. Meanwhile, the most effective way to counter North Korea will be with the help of China, North Korea’s largest unofficial trading partner. Su Kim said the trouble is that North Korea itself is a bargaining chip for China. It might help rein in its rogue neighbor, but what is Washington willing to do in return?
While this game is being played, the doomsday clock is ticking.
Teach a man to phish
The U.S. government is limited in what it can do to stop North Korea’s crypto heists. The Treasury Department is trying to slow down the laundering tools used by the government, which has led to the banning of Tornado Cash and Blender. Perhaps more importantly, the FBI is working to recover the stolen funds. Cooperating with blockchain analytics firm Chainalysis, the FBI froze $30 million in crypto stolen from Ronan in September.
“It seems like we’re in a catch-up game,” Su Kim said, “where you’re not fast enough to meet the North Koreans on the ground, but you’re always chasing them.”
According to Convex Labs’ Bax, a more effective way is to prevent hacks from happening in the first place. “We always take a reactive approach, chasing money after it’s stolen,” he said. “This money is being reinvested in criminal enterprises. We have to stop it before it happens. That’s the only way.”
Bax points out that North Korea specializes in phishing scams — estimating that about half of crypto-phishing scams originate in North Korea — and so helping people detect phishing attacks should be a priority. He also advocates government-subsidized security audits. Only one engineer was phished to withdraw Ronan’s funds, while the attackers needed only two signatures to steal $100 million from Harmony Bridge.
Major hacks attributed to North Korea have died down in recent months. Crypto winter, when bitcoin and ether plummeted amid fears of a recession and jobs froze. The government is still busy laundering the funds stolen during the first half of this year. But the industry has proven too lucrative for North Korea to shut down operations.
“It’s going to take a really critical moment, some big event that really shocks people, and then there’s going to be a lot of pressure to do something,” Carlson said. “It’s a constant waiting game.
“There’s another one coming.”