North Korea Evades Western Sanctions Through Crypto Hacks
Pyongyang Trains Elite Cyber Operatives for State-Sponsored Attacks
South Korea’s Fragile Cyber Defense: A Ticking Time Bomb?

North Korea is now firmly positioned at the epicenter of global cryptocurrency crime, with more than half of the crypto losses recorded in the first half of 2025 attributed to its cyberattacks. Backed by a state-sponsored training regime for elite hackers, Pyongyang has leveraged its growing cyber capabilities to siphon off digital assets from global exchanges—turning crypto theft into a strategic tool for sanctions evasion. As a result, international actors are racing to implement countermeasures to curb the rogue state's expanding cyber operations.

Disrupting the Crypto Market

On June 29, blockchain intelligence firm TRM Labs released its midyear report, “H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats”, revealing that global crypto thefts totaled $2.1 billion in the first half of the year. A staggering 70% of that—amounting to $1.6 billion—was linked to hacker groups affiliated with North Korea. According to TRM Labs, “North Korea has solidified its position as the most prolific nation-state threat actor in the crypto space,” adding that theft is now “an integral component of state operations.”

North Korean hackers were reportedly behind a series of high-profile breaches this year, further destabilizing the crypto landscape. In February, decentralized exchange Bybit suffered a major breach, losing $1.5 billion in Ethereum and related assets. Wallet provider Safe later disclosed that the attack stemmed from a compromised developer laptop. Both TRM Labs and U.S. authorities identified the notorious Lazarus Group as the primary culprit behind the heist.

Laundering and Conversion to Stablecoins

Groups like Lazarus typically launder stolen crypto through hard-to-trace decentralized exchanges (DEXs) and mixer services, repeatedly obfuscating the trail before ultimately converting the assets into U.S. dollar-pegged stablecoins like USDT and USDC. This practice enables North Korea to bypass sanctions imposed by the United Nations and the United States, posing a grave international security threat.

This laundering operation thrives in regulatory gray zones. According to media outlets such as The Guardian and BBC, peer-to-peer (P2P) transactions and certain DeFi platforms fall outside the purview of the Financial Action Task Force’s (FATF) “Travel Rule,” which mandates anti-money laundering measures. North Korean operatives and other illicit actors exploit these gaps to establish anonymous, cross-border financial pipelines.

The escalating damage from North Korea’s crypto attacks has spurred a global response. FATF has urged its member states to tighten regulations on virtual asset service providers (VASPs), particularly stressing the urgent need for oversight of stablecoin issuers and DeFi platforms. U.S. agencies, including the Office of Foreign Assets Control (OFAC) and the Department of Justice (DOJ), have begun seizing crypto assets linked to North Korean activities. These agencies have previously sanctioned wallet addresses used by Pyongyang and collaborated with major exchanges to freeze illicit funds.

Training a Cyber Army

Despite sanctions and international pressure, North Korea's cyber threat is likely to intensify. The country has steadily expanded its hacking capabilities, now boasting one of the world’s top five hacker contingents—even though only 1% of its population has internet access. This prowess stems from a decades-long state-backed education pipeline.

Gifted students are identified from elementary school and enrolled in elite computer science programs at institutions like Kum Song School. Top performers go on to study at premier STEM universities such as Kim Il-sung University, Kim Chaek University of Technology, and Pyongyang Computer Technology University. Others are channeled into military academies like Kim Il Military University and Moranbong University, where they receive three to five years of advanced cyber warfare training under military and intelligence oversight.

The effectiveness of this system is proven in international competitions. In 2023, a student from Kim Chaek University topped a global hacking challenge hosted by a U.S. tech company with a perfect score of 800, outpacing over 1,700 participants. Students from Kim Il-sung University and other North Korean institutions filled out the rest of the top five. North Korea also dominated the CodeChef programming contests—organized monthly by Indian software firm Directi—winning 18 times between 2013 and 2020, competing against over 20,000 students from 80 countries.

While North Korea has weaponized its cyber talent, South Korea’s cyber defense remains alarmingly underdeveloped. According to the 2025 National Information Security White Paper released by South Korea’s National Intelligence Service (NIS) last month, only 67.1% of government agencies have dedicated cybersecurity departments. More concerningly, over half of those departments are staffed with just four or fewer personnel.

An IT security expert commented, “Compared to North Korea’s offensive capabilities, South Korea’s cyber defense is woefully inadequate,” warning that a comprehensive review of public and private cybersecurity infrastructure is urgently needed.