For years, North Korea’s Kim dynasty has made money through criminal schemes like drug trafficking and counterfeiting cash. In the last decade, Pyongyang has increasingly turned to cybercrime—using armies of hackers to conduct billion-dollar heists against banks and cryptocurrency exchanges, such as an attack in 2018 that netted $250 million in one fell swoop. The United Nations says these actions bring in vast sums which the regime uses to develop nuclear weapons that can guarantee its long-term survival.
But there is a big difference between hacking a cryptocurrency exchange and actually getting your hands on all the cash. Doing that requires moving the stolen cryptocurrency, laundering it so no one can trace it, and then exchanging it for dollars, euros, or yuan that can buy the weapons, luxuries, and necessities that even bitcoins cannot buy.
“I’d say the laundering is more sophisticated than the hacks themselves,” says Christopher Janczewski, a lead case agent at the IRS who specializes in cryptocurrency cases.
Janczewski sees a lot of action these days. He led investigations into the recent hack that affected verified Twitter users, and into the Bitcoin-funded activities of the darknet’s largest site for images of child sexual abuse. Janczewski was most recently the lead investigator in a case to trace and seize $250 million in cryptocurrency from an unprecedented streak of multimillion-dollar hacks allegedly carried out by the North Korean hacking team known as Lazarus Group.
And, he says, Lazarus’s tactics are continuously evolving.