North Korea is funding its weapons program with stolen digital currency. Hacking has become a central strategy for Kim Jong-un's regime to generate revenue and soften the blow of economic sanctions. A new report from the United Nations, seen by the Associated Press, outlines the considerable breadth of the operation, which it says is being used to fund the development of weapons of mass destruction.
Last week, several media outlets reported the UN's conclusion that North Korea has stolen as much as $2 billion using "widespread and increasingly sophisticated" cyberattacks on financial institutions and cryptocurrency exchanges. The AP has now seen a lengthier version of the report, which provides more detail about the attacks. UN experts say they are looking into at least 35 instances in 17 countries in which North Korea used a cyberattack to raise money for its weapons programs.
North Korea's hackers appear to have done the most damage in South Korea. The report counts 10 attacks there, including four leveled at Bithumb, one of the largest cryptocurrency exchanges in the world. State-sponsored hackers from North Korea also carried out three attacks in India and two each in Bangladesh and Chile, according to the AP.
The attacks have taken two main forms. Some were targeted at the SWIFT system that banks use to transfer money internationally. In those cases, hackers infiltrated bank employees' computers and other infrastructure to send fraudulent messages and destroy evidence. Other attacks involved stealing digital currency from cryptocurrency exchanges and users. The UN researchers say that North Korea is also engaging in "mining of cryptocurrency as a source of funds for a professional branch of the military."
For years, North Korea has seemed committed to a strategy of stealing money via the internet. Digital currency offers a way to raise funds and engage in commerce outside the US-dollar-led global financial system.
Thanks to new global regulations, the cryptocurrency industry is facing a crossroads. Crypto exchanges, the bridges between the crypto realm and the traditional financial system, have been put on notice by an influential governmental body charged with policing financial crimes. In June, the Financial Action Task Force (FATF), finalized a guidance that includes a particularly contentious new rule: cryptocurrency exchanges must now share personally identifiable information with each other about users that engage in transactions larger than 1,000 dollars or euros. More precisely, the exchange from which such a transaction originates must supply that information to the beneficiary exchange. This is similar to a regulation called the "travel rule," which has long governed financial institutions in the US.
Though the new rules are technically non-binding, they have been supported by the Group of Seven (G7), including influential states like the US and Japan. This makes them effectively binding, according to Jesse Spiro, global head of policy at blockchain analytics firm Chainalysis. It doesn't mean every exchange in the world will comply, however, and many users could move to exchanges that don't—or seek out more decentralized methods of exchange.
That may be putting the cart before the horse, though. Despite recent reports (including one that came out last Friday) suggesting that governments are collaborating on a surveillance system for crypto, that doesn't appear to be exactly right. In fact, exchanges are still early in the process of figuring out how exactly they will technically pull this off while also complying with the range of local privacy regulations. "There are many balls in the air," says Spiro.
What is clear, however, is that over the next year or so it will be up to exchanges to decide whether to fall in line with traditional financial regulations—or not, and risk failing to gain traction with mainstream institutions and users. Read more here.
Need help keeping up on the most significant advances in AI, climate adaptation, personalized medicine, data security, and more?
We're gathering the experts at our two-day conference to tell you everything you need to know. Seats are selling fast—purchase your ticket today.
Loose Change
Fill your pockets with these newsy tidbits.
- London-based bank Barclays has cut ties with Coinbase, a relationship that had let users easily withdraw and deposit British pounds with the exchange. (CoinDesk)
- SimplyVital Health, a healthcare company that uses blockchain technology, has settled charges with the SEC, which alleges that the company sold unregistered securities during its $6.3 million ICO in 2017. (Decrypt)
-
In July the IRS began sending letters to thousands of cryptocurrency users in July advising that they may have made mistakes in their tax filings. Now the agency is sending out a new letter to users asking them to pay specific amounts in taxes it says are still due. (The Block)
+How the hell are cryptocurrency users supposed to file their taxes? (TR)
- Bitfury, which makes blockchain software and hardware and is one of just a few crypto companies valued at over $1 billion, has launched a division focused on artificial intelligence. (Reuters)
-
Money stolen in May from the popular exchange Binance is being laundered through a known mixing service, according to researchers. (CoinDesk)
- Bitcoin-focused startup Blockstream has revealed that it is operating massive Bitcoin mining facilities in Quebec, Canada, and Georgia in the US. It plans to offer mining services to enterprises, and says Fidelity's research lab is an early customer. (Forbes)
