Coinspeaker South Korea Government Sanctions North Korean Hackers Over $1.3B Crypto Theft
North Korea has continued to attract global scrutiny due to its controversial actions and weapons development programs. On December 26, South Korea announced that it had blacklisted several individuals, including Park Heung-ryong, Yoon Jeong-sik, Ri Il-jin, and Kim Gyeong-il.
According to an official statement released on Thursday, these individuals are members of the 313th General Bureau, a unit under the Munitions Industry Department of North Korea’s Workers’ Party, often associated with the notorious Lazarus Group. Starting December 30, these individuals will officially be added to South Korea’s sanctions list.
North Korean Cyber Activities and Crypto Theft
The 313th Bureau is notorious for deploying a large number of North Korean IT personnel abroad, including in China, Russia, Southeast Asia, and Africa. These operatives pose as employees of regime-linked organizations, such as the Ministry of Defense, disguising their true identities while receiving work from IT companies worldwide.
The group is believed to employ advanced hacking techniques, phishing scams, and malware attacks to compromise crypto wallets and exchanges. According to South Korean authorities, the 313th Bureau and its affiliates were significantly involved in the $1.3 billion worth of digital assets stolen by North Korean hackers this year, as reported by Chainalysis.
The stolen amount represents 61% of the total digital assets stolen globally over the past 24 years, making it the largest theft on record. The illicit funds have reportedly been funneled into North Korea’s weapons development programs, including nuclear missiles, heightening tensions on the Korean Peninsula and drawing international condemnation.
South Korea’s government emphasized that cracking down on these illicit activities is essential to curbing Pyongyang’s military capabilities.
Uncovering the Undercover Agents
In addition to the sanctioned individuals, one of the key figures, Kim Cheol-min worked as an undercover agent at US and Canadian companies where he earned “a large amount of foreign currency” to support his country’s weapon developments.
The announcement further noted that Kim Cheol-min sent the earnings to Pyongyang, while Kim Ryu-seong was indicted in the United States earlier this month for violating US sanctions over several years.
“Kim Cheol-min earned a large amount of foreign currency by working undercover at US and Canadian companies and sent it to Pyongyang, while Kim Ryu-seong was indicted in a U.S. court on Wednesday, December 11 for violating US sanctions for several years,” reads the announcement.
A Joint Effort to Prevent Future Crypto Theft
The government said it worked with international bodies to dismantle North Korea’s illegal cyber activities. Earlier this week, South Korea and the United States government entered into a strategic partnership to build new technologies aimed at preventing crypto thefts linked to North Korea.
According to reports, South Korea’s science ministry will back the initiative until 2026. The project will see researchers from Korea University and RAND Corp. work together on tracking stolen crypto, preventing cyberattacks, and exploring how criminals launder illicit funds through methods like ransomware.
next
South Korea Government Sanctions North Korean Hackers Over $1.3B Crypto Theft