Key Takeaways
- North Korea has become adept at cybercrime, leveraging it to compete globally despite lacking a traditional economy.
- Crypto is increasingly being used by state actors as a tool for stealing and laundering funds.
- North Korea’s cybercrime operations have evolved to average about a billion dollars stolen annually.
- There has been a tactical shift from targeting technology to focusing on social engineering.
- North Korean proxies are infiltrating the crypto space by engaging with developers at conferences.
- Social engineering tactics have enabled North Korean hackers to exploit vulnerabilities in protocols like Drift.
- The Drift hack on the Solana network was one of the largest, highlighting significant security challenges.
- North Korean hacking groups are not independent; they operate under state direction.
- The professionalization of cybercrime is a strategic move by North Korea in the absence of a traditional economy.
- The use of proxies allows North Korean hackers to engage with crypto developers without raising suspicion.
- North Korea’s cybercrime tactics have become more sophisticated, focusing on both social and technical vulnerabilities.
- The misconception that North Korean hacking groups operate independently is challenged by their direct connection to state actions.
- Understanding the geopolitical implications of state-sponsored cybercrime is crucial for global finance.
Guest intro
Ari Redbord is Global Head of Policy at TRM Labs. He previously served as Senior Advisor to the Deputy Secretary and Undersecretary for Terrorism and Financial Intelligence at the US Treasury, where he worked with OFAC and FinCEN to combat illicit finance by North Korea and other rogue actors. Before that, he spent eleven years as an Assistant US Attorney prosecuting threat finance, crypto, and national security cases.
North Korea’s professionalization of cybercrime
- North Korea has turned cybercrime into a professional operation to compete globally.
- “This is a country with absolutely no economy whatsoever and yet they’re competing on the global stage because they’ve professionalized cyber crime essentially” — Ari Redbord
- The country’s reliance on cybercrime is due to its lack of a traditional economy.
- Crypto is now a key tool for North Korea to steal and launder funds.
- “It’s always been how do we steal and then ultimately launder funds and crypto is just the latest iteration of that” — Ari Redbord
- The scale of North Korea’s operations is significant, with about a billion dollars stolen annually.
- “What they’ve now done over the last five or six years is stolen essentially averaging about a billion dollars a year” — Ari Redbord
- The professionalization of cybercrime is a strategic move by North Korea.
Evolution of North Korean cybercrime tactics
- North Korea’s targeting strategy has shifted from technology to social engineering.
- “When you talk about the targeting it’s moved from sort of targeting the technology to really social engineering at scale” — Ari Redbord
- This shift enhances the effectiveness of cyber attacks.
- North Korean proxies engage with developers at conferences to infiltrate the crypto space.
- “They sent proxies to these conferences to meet individuals who were building these protocols” — Ari Redbord
- The use of proxies allows hackers to appear less suspicious.
- “Essentially it had to be right… here what you had was clearly proxies” — Ari Redbord
- This tactic poses significant risks to developers in the crypto industry.
Social engineering and the Drift hack
- North Korea’s social engineering tactics led to the exploitation of vulnerabilities in the Drift protocol.
- “Ultimately what they were able to do was gain access to the protocol itself” — Ari Redbord
- The Drift hack was one of the largest on the Solana network.
- “This was programmatic on April 1… which resulted in 31 withdrawals in twelve minutes” — Ari Redbord
- The hack highlights the intersection of social engineering and technical exploitation.
- Understanding these tactics is crucial for improving crypto security.
- The scale of the Drift hack underscores the need for robust security measures.
- North Korea’s approach combines social manipulation with technical expertise.
State-sponsored cybercrime and global finance
- North Korea’s cybercrime activities have significant geopolitical implications.
- The country’s operations impact global finance and security.
- State-sponsored cybercrime is becoming a major concern for international regulators.
- Understanding these activities is crucial for developing effective countermeasures.
- The professionalization of cybercrime by states like North Korea poses new challenges.
- Crypto’s role in these activities highlights the need for better regulation.
- The global community must address the risks posed by state-sponsored cybercrime.
- Collaboration is essential to combat the evolving threats in the digital space.
Misconceptions about North Korean hacking groups
- The notion that North Korean hacking groups operate independently is a misconception.
- “I would never use that term in our writing or the way we talked about these things. These are state actors, hard stop.” — Ari Redbord
- These groups are directly connected to the North Korean government.
- Understanding their structure is crucial for addressing the threat they pose.
- The direct connection to state actions challenges common perceptions.
- Recognizing this relationship is key to developing effective counter-strategies.
- The misconception about autonomy hinders efforts to combat these groups.
- Acknowledging their state ties is essential for international security efforts.
North Korea’s reliance on cybercrime for funding
- Cybercrime is a primary means of funding for North Korea.
- “They’ve professionalized cybercrime essentially there is absolutely no economy” — Ari Redbord
- The country’s economic reliance on illicit activities is significant.
- Crypto provides a new avenue for these activities.
- The professionalization of cybercrime is a strategic necessity for North Korea.
- Understanding this reliance is crucial for addressing the threat.
- The global community must address the economic drivers of North Korean cybercrime.
- Effective countermeasures require an understanding of North Korea’s motivations.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
