According to Recorded Future, a US-based cybersecurity firm, North Korea has intensified its cybercrime and crypto mining activities as a strategy for evading the sanctions imposed on the authoritarian regime. The firm noted that mining activity for the cryptocurrency Monero (XMR) had increased 10-fold since May 2019. At the same time, Bitcoin mining, traffic volume, and rate of communication with peers have remained steady during the last two years. Another report, by the United Nations Security Council, shows that the nuclear-armed government has stolen over $2 billion by employing sophisticated cyber-attacks on various institutions and computer users across the world.
Why is Monero such a good option for North Korea?
North Korea has stepped up its mining of Monero for various reasons. Firstly, mining Monero does not require any specialized machines. It can take place on standard devices, freeing the cash-strapped communist regime from the need to import specialized hardware. This also allows the country to cut operating costs. Another reason is that Monero transactions are anonymous, making it easier for North Korea to avoid transaction tracking and thus evade sanctions. Additionally, Monero is popular with cyber criminals such as the hacking group, Outlaw, who use the coin as the method of exchange for their ransomware tool, WannaCry, thus making the cryptocurrency more lucrative than Bitcoin. Monero also allows miners to scale their activities by using various ports, such as 3333 for low-end machines and 7777 for higher-end devices. This allows the country to use more than one computer for its crypto mining activities.
Although the nuclear-armed regime has shown more interest in mining Monero cryptocurrency, it is also involved in trading, theft, and mining of other coins such as Bitcoin and Litecoin.
North Korea’s crypto mining and state-sponsored cybercrime activities
The report by Recorded Future shows that North Korea is involved in the exploitation of cryptocurrencies and blockchain technology, online banking fraud, and breaching of information systems. According to the report, “cryptocurrencies are a valuable tool for North Korea as an independent, loosely-regulated source of revenue generation, but also as a means of moving and using illicitly obtained funds.” It is common knowledge that the nuclear-armed regime was involved in cryptocurrency trading as a means of mitigating the sanctions facing the country. However, the administration is also involved in stealing cryptocurrencies and crypto mining. The country has been involved in the hacking of South Korean cryptocurrency exchanges. In addition, North Korea is engaged in various cybercrime activities involving hacking and obfuscation.
An example is the North Korean-linked hacker group, Lazarus, which used Telegram to steal cryptocurrencies from cryptocurrency investors around the world. The group was also involved in spreading malware through the same platform, putting millions of users’ crypto wallets at risk. The regime in Pyongyang is also using DNS tunneling to transfer data related to its cybercriminal activity. Apart from civilian state-sponsored cybercriminals, the government also involves its military in crypto mining. Internet data from the country showed an increase in internet usage of over 300%. Most of this usage comes from obfuscated IP addresses, implying criminal intent. The activity cannot be linked with civilian use, since access to the internet in the country is a privilege for high-ranking individuals and the military.