North Korea May Have Netted $200 Million in Bitcoin Transactions, Says Former NSA Officer

Francisco Memoria
  • A former NSA officer claims North Korea could have made 11,000 BTC last year using a cyber army
  • The regime has been accused of being responsible for the WannaCry ransomware campaign, and for taking down South Korean exchange Youbit
  • The country denies all hacking accusations.

North Korean hackers may have netted the regime over $200 million worth of cryptocurrency transactions last year. The money could have been used to dilute the impact of international sanctions imposed on North Korea over its nuclear and missiles program

The regime’s potentially huge cryptocurrency revenue was revealed by Priscilla Moriuchi, a former NSA officer, during an interview with Radio Free Asia. Per the former US government employee, North Korea could have made an estimated 11,000 bitcoins through a cyber army.

If the regime sold the cryptocurrency during its mid-December peak of over $19,340, it could have made over $200 million. If, however, it failed to do so then, the value of its coins plummeted to about $77 million over one month later.

If North Korea is still holding on to its funds, they’re currently worth $128.5 million as one bitcoin is currently trading at $11,680, according to data from CryptoCompare. Per Moriuchi, who now works at cybersecurity firm Recorded Future, the funds were acquired through mining or hacking.

Speaking to, she said:

“I would bet that these coins are being turned into something – currency or physical goods – that are supporting North Korea’s nuclear and ballistic missile programme.”

Priscilla Moriuchi

North Korea has in the past been blamed for various cybercrimes. In December, the US government claimed the reclusive state was behind May’s WannaCry ransomware attack, that affected over 230,000 computers in 150 countries, but seemed to rake in little over $100,000

Moreover, researchers at FireEye linked North Korean hackers to six cyber attacks against South Korean cryptocurrency exchanges. One of these attacks forced Youbit to shut down after filing for bankruptcy.

According to The Telegraph, there’s evidence that suggests North Korean hacker cells have set up operational hubs in foreign locations. While the regime denies all hacking accusations, cybersecurity experts and defectors reportedly claim promising students are handpicked to join Bureau 121, North Korea’s cyberwarfare agency.

North Korea Already “Ensconsed” In Cryptocurrencies

As The Telegraph notes, terrorist financing and money laundering expert Loretta Napoleoni argued that Pyongyang is already “ensconsed” in cryptocurrencies as it is most likely using them to launder money.

In a book, she cites cybersecurity experts to claim cryptocurrencies make it “easier to trade in weapons, drugs, and other illicit goods.” Reportedly, North Korea even used cryptocurrencies to sell arms and buy oil from countries like Libya and Iran.

Taking all of this into account, Moriuchi believes the international community should tighten regulations being applied to cryptocurrency exchanges. She stated

“That helps create a paper trail we can use to identify North Korean accounts and how North Korea is moving these currencies.”

Priscilla Moriuchi

Bitcoin ‘Sextortion’ Scheme Netted Cybercriminals Over $330,000

Blackmailers have reportedly managed to rake in over $330,000 worth of bitcoin, the flagship cryptocurrency, through an email-based ‘sextortion’ campaign that has been ongoing since at least 2017, and saw its activity surge last year.

According to a report published by UK firm Digital Shadows, the cybercriminals received said amount from over 3,100 unique BTC addresses. The funds ended up in 92 different bitcoin addresses believe to belong to the same organization, that could reportedly be making an average of $540 per victim.

The firm’s report, first spotted by The Next Web, tracked a sample of 792,000 emails sent to victims. The ‘sextortionists’ reportedly sent them an email that would include a known password as “proof” they hacked them, and claimed to have video evidence of them seeing adult content online.

The threat was that the video would be published online, if a ransom in BTC wasn’t paid. Last year, Cornell University computer science professor Emin Gün Sirer warned potential victims to “never pay, never negotiate” with cybercriminals trying to extort them.

Per Sirer, the emails were being sent to every email account on the popular website haveibeenpwned, which shows whether emails addresses had their data leaked on well-known online security incidents.

A Sophisticated Operation

The UK firm’s report seems to show the ‘sextortion’ operation was a sophisticated one, as scammers were seemingly trying to hire more people to help them target high-net-work individuals.

These hires could be getting high salaries, up to $768,000 a year, if they had experience in network management, penetration testing, and programming. The cybercriminals have notably also been using social media to target their victims.

The scammers’ capabilities are said to have varied in skill, as while some struggled to distribute a large amount of emails that could get past email server or spam filters, others managed to show high levels of sophistication, with emails sent from accounts specifically created for the campaigns.

Moreover, these campaigns were launched on a global scale, as the servers the emails came from were in five different continents. The highest amount of emails came from Vietnam, Brazil, and India. These servers could, however, have been compromised by the scammers as well.