Over the past five years, hackers backed by North Korea have successfully stolen approximately $3 billion in cryptocurrency by employing sophisticated tactics and posing as recruiters, IT workers, and government officials. These elaborate schemes have allowed them to gain access to sensitive information and exploit unsuspecting victims. Notably, the stolen cryptocurrency funds 50% of North Korea's ballistic missile program, as reported by The Wall Street Journal.
One instance of their modus operandi involved a hack on the Axie Infinity platform in 2021, in which hackers posing as recruiters lured an employee of Sky Mavis, the platform's parent company. By sharing a document containing malware, they gained access to the employee's computer, enabling the theft of $600 million in cryptocurrency. These evolving tactics demonstrate North Korea's increasing sophistication in executing cyberattacks, which serve as a crucial source of funding for its nuclear weapons and missile programs.
The hackers adopt various disguises, sometimes impersonating IT professionals or government officials. They create a "shadow workforce," masquerading as Japanese blockchain developers or Canadian IT workers, with potential earnings of up to $300,000 per year. In certain cases, they even attempt to secure employment at the targeted companies, utilizing Western individuals to participate in interviews. Once hired, they subtly introduce changes to products, providing openings for hacking attempts. Companies find themselves engaged in an ongoing "arms race" with these increasingly advanced hackers, making it challenging to detect and prevent their activities.