The Network and Purpose of Crypto Crime Organisation
September 17, 2019
As the crypto market matures, so does its image issue. Years ago, the crypto domain was troubled first and foremost by the fact that most people had no clue it existed. As the price of first bitcoin and then all other cryptocurrencies began to climb, the attention came as well. But around that time, about five years ago, the notion of cryptocurrencies being tightly connected to criminal enterprises began to emerge in the mass media. Thanks to its simplicity and super-clear narrative, many in the public domain latched onto it, including the powerful movie industry, which further propagated this idea without any real proof or solid information behind it.
But, while the notion that crypto is a nest of criminals clearly is not true, an interesting story recently emerged from North Korea and a network of digital criminal organizations. That revelation shines a new light on the organizations that do indeed operate inside of the cryptocurrency ecosystem, even though they are not primarily a result of its existence. Furthermore, they also provide an insight into a world that might include a range of such organizations, all with very much malicious intent on their minds.
The Case of North Korea
A few days ago, the US Treasury Department stated that a new set of sanctions against online groups in North Korea has been established. According to the same US agency, these groups are criminal ventures that created sophisticated ransomware campaigns as well as other cybercrime projects, all of which aimed to subvert the international sanctions against Pyongyang. The US Treasury is certain that these attacks produced funds that had been used to build up and fund North Korea's notorious missile program.
The majority of the ransomware attacks had this form: the organizations would gain access to a company's data and then ransom it. The company had a hard choice. Either they pay to get back their access or their data is forever lost. It seems that those who decided to pay ended up funding the military preparations of a nation that many in the international community see as a rogue state.
In the same setup, apparently, cryptocurrencies played a crucial role and were used as a means of extracting funds that cannot be stopped or tracked through the regular financial system. At their supposed end, the same crypto was again turned back into fiat and rerouted back to the government and its military and research branches to carry on with the missile program development.
The Use of Crypto
If the press release from the US Department of the Treasury is examined further, the data shows that the criminal groups used various means, but also various currencies in their undertaking. Part of the operations was also the previously mentioned ransomware attacks, and these seemingly always employed cryptocurrency as a means of payment.
In fact, the agency also mentioned three groups by name. These are Andariel, Bluenoroff and the most famous of the pack, Lazarus Group. Now, any dealings between individuals or financial entities in the US and these groups are officially banned. The Treasury Department also stated that these sanctions are fully in accordance with the wide UN legal framework that is in place related to general sanctions against North Korea.
Of course, the entire principle of using crypto for digital crime is the fact that it stops any traditional sanction from working. While payment by wire in any fiat currency would demand a range of traditional financial stops, any of which would be open to blocking of the payment or financial forensics, payments in bitcoin work on a completely different level. Furthermore, a sent payment cannot be retrieved or canceled by a single party. Clearly, the same organizations, according to the document from the Treasury Office, went for digital currencies because they work very well in this type of setup.
The most notorious entity among the three organizations here is the Lazarus Group. They have previously gone after big targets, not avoiding institutional players. Their hits focused on military, financial and government institutions, but also big companies. These were generally those involved with critical infrastructure, shipping, and publishing.
It is widely believed that Lazarus was made directly by the government of North Korea. The date of its birth is usually set around 2007, but the precise details are murky for clear reasons. The biggest criminal enterprise of the group was the WannaCry 2.0 ransomware attack, which was a hugely destructive event. The same malicious software spread across the globe and impacted hundreds of thousands of computers, freezing them and asking for crypto in return for access.
Lazarus Group is so powerful and relevant that many believe that the other two mentioned organizations are basically offshoots it made over the years. While each apparently specializes in a different approach to malicious attacks, their connections are, according to the US sources, directly tied to Pyongyang.
Just like in other cases of this nature, the first and biggest question is the cost-to-benefit problem with running an operation like Lazarus Group. While most non-governmental organizations like this find their members from the world of technology, esports, and other novel digital ventures, an operation by North Korea itself has to be a very centralized operation.
It has very few members of a free and tech-savvy population to organically draw from, so it needs to set up schools and academies for the chosen members. All of that is likely tied to other cyber units of the military, meaning an even larger system. Having in mind how many people and businesses actually paid during WannaCry, it is clear that the money stolen and ransomed this way is not huge.
That means that, in a strange way, projects like the Lazarus Group are more or less vanity ventures. The amount of money other countries are using in the crypto form to avoid sanctions is also minuscule. All this points to an undertaking that is more sizzle than steak in every relevant political and financial aspect of it.