South Korea imposes sanctions on North Korean crypto hackers, IT operatives

Quick Take

  • South Korea is imposing sanctions on 15 North Korean individuals and one entity involved in illicit cyber activities, including cryptocurrency heists.
  • North Korean hackers stole $1.34 billion worth of cryptocurrencies in 2024, according to Chainalysis.

The South Korean government announced today that it imposed sanctions on 15 individuals and one entity from the Democratic People’s Republic of Korea involved in illicit cyber activities, including cryptocurrency heists.

The 15 North Korean individuals have been working for Bureau 313, an organization under the Workers' Party of Korea’s Machine-Building Industry Department, South Korea’s Ministry of Foreign Affairs said in a statement. The department, subject to UN Security Council sanctions since 2016, oversees DPRK’s weapons production, including its ballistic missile program.

“North Korean IT personnel are known to be dispatched to China, Russia, Southeast Asia and Africa as affiliated organizations of the government, disguising their status and securing work orders from IT companies around the world, while some are also involved in information theft and cyberattacks,” the statement said.

A representative of South Korea’s Foreign Affairs Ministry told The Block that a number of the sanctioned individuals stole cryptocurrencies through hacks. However, the ministry declined to specify the identities of those who have conducted crypto heists.

One sanctioned individual named Kim Cheol-min, infiltrated IT firms in the U.S. and Canada as an employee and sent large sums of foreign currency to Pyongyang. 

South Korea also placed sanctions on one North Korean entity that dispatches numerous North Korean IT personnel overseas and remits large sums of money to fund the regime and its military, according to the statement.

DPRK hacks on the rise

North Korean hackers are said to be responsible for some of the largest cryptocurrency hacks. On Monday, the Federal Bureau of Investigation announced that North Korean cyber actors were behind the $308 million crypto theft from Japan-based crypto firm DMM Bitcoin, which led the company to shut down.

Last week, the U.S. Treasury Department imposed sanctions on two individuals and one entity for laundering cryptocurrencies for the DPRK in a front company in the United Arab Emirates.

According to blockchain analytics firm Chainalysis, North Korean hackers stole $1.34 billion worth of crypto across 47 incidents. This represents 61% of the total amount stolen for the year, showing an increase in both amount and frequency.

“[Some] events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations and integrity,” the Chainalysis report said. “These workers often use sophisticated Tactics, Techniques and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.” 


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Danny Park is an East Asia reporter at The Block writing on topics including Web3 developments and crypto regulations in the region. He was formerly a reporter at Forkast.News, where he actively covered the downfall of Terra-Luna and FTX. Based in Seoul, Danny has previously produced written and video content for media companies in Korea, Hong Kong and China. He holds a Bachelor of Journalism and Business Marketing from the University of Hong Kong.

Editor

To contact the editor of this story:
Timmy Shen at
[email protected]