Cryptocurrency is not only a financial asset to steal and launder, but also a lucrative tool to fund global espionage and recruit foreign agents.
Seoul recently arrested two South Korean nationals, a 38-year-old cryptocurrency exchange operator (Lee) and a 29-year-old army captain, on charges of espionage related to the sale of military secrets to Pyongyang. According to reports, a North Korean agent met Lee through an undisclosed online cryptocurrency forum in 2016 and offered him cryptocurrency in exchange for his assistance with ongoing clandestine operations. South Korean media also speculate that the two communicated via the private messaging app Telegram. While such features are not inherently bad, criminals have consistently used end-to-end message encryption features and other privacy protocols specific to apps like Telegram to coordinate, propagate, and monetize illegal activities.
The Korean National Police Agency specified that the North Korean agent paid Lee about $600,000 and the army captain about $38,800 in cryptocurrency for their participation. Since Lee has been in contact with the agent since 2016, there are serious concerns about his involvement in other incidents of attempted or successful espionage against Seoul. Although Pyongyang has a documented history of recruiting South Korean citizens for espionage through coercion and seduction, this is the first known public case of North Korea paying foreign agents in cryptocurrency to commit espionage and of an active-duty military captain working with a North Korean hacker.
Interestingly, one of the operations Lee was commissioned for involved recruiting the active-duty South Korean military captain. Upon recruitment, the captain provided Pyongyang with the credentials needed to access the Korean Joint Command and Control System (KJCCS), which the South Korean Joint Chiefs of Staff use to evaluate C4I (command, control, communications, computers, and intelligence) capabilities during military exercises, training, and operations. Through Telegram, the North Korean agent also ordered Lee to send spycam equipment to the captain to photograph items and information of interest to Pyongyang. The equipment included a wristwatch equipped with a secret camera and USB sticks loaded with “Poison Tap”, a hacking tool that allows one to compromise a computer via its USB port for various purposes, such as stealing information, gaining unauthorized control over the device, and more.
In 2022, North Korea has continued to expand its use of cryptocurrency and financial technologies through social engineering tactics, laundering of stolen virtual assets, and even hacking Play-to-Earn (P2E) crypto video games, as seen in the Axie Infinity hack, which totaled over $600 million in stolen assets. In response to these threats, the US government has stepped up efforts to counter the spread of North Korean cybercrime, as indicated by its recent sanctioning of Blender.io, a virtual currency mixer that “facilitates indiscriminate illegal transactions [of Bitcoin] by obscuring their origin, destination and counterparties.” According to the US Treasury Department, the mixer processed over $20.5 million worth of cryptocurrencies laundered in connection with North Korea’s Axie Infinity hack.
While offering money to foreigners in exchange for government secrets is certainly not new, the case of Lee and the active-duty army captain is extraordinary in that North Korean agents communicated with them through an encrypted messaging app and chose to make payments in cryptocurrency, not in traditional currencies.
That North Korea pays foreign agents in cryptocurrency suggests that Pyongyang views cryptocurrency not only as a financial asset to steal and launder, but also as a lucrative tool to fund global espionage and recruit foreign agents to advance its national interests.