Summary of Key Points
What strategies do North Korean cyber groups employ?
North Korean cyber groups utilize tactics such as fake job interviews, AI tools like ChatGPT and DeepSeek, and advanced cyber techniques.
Which Cambodian platforms are connected to laundering stolen cryptocurrency?
Huione Group and its subsidiary Huione Pay.
Recent reports reveal that North Korea has managed to steal nearly $2.84 billion in cryptocurrencies since early 2024, with $1.65 billion stolen in the current year alone.
Insights into North Korea’s Cryptocurrency Theft
The Multinational Sanctions Monitoring Team (MSMT) led by South Korea has shed light on North Korea’s ongoing cyber theft operations, targeting major exchanges in Asia and the Middle East.
Experts suggest that the stolen digital assets, channeled through brokers in China, Russia, Hong Kong, and Cambodia, are used to finance Pyongyang’s sanctioned weapons programs.
In response to these findings, the foreign ministry of Seoul stated in a press release:
“The publication of this report is expected to bring international attention to North Korea’s ongoing breaches of U.N. sanctions through its cryptocurrency thefts and overseas IT operations, while highlighting the increasing sophistication and risks of its cyber activities.”
What are the methods employed?
The report specifically points out North Korea’s use of Cambodian financial platforms like Huione Group and Huione Pay to launder stolen cryptocurrencies.
Further investigation revealed that hackers associated with the reclusive regime breached prominent exchanges such as Bybit in the UAE, DMM Bitcoin in Japan, WazirX in India, and BingX and Phemex in Singapore.
They proceeded to launder and convert the stolen assets through brokers in China, Russia, Hong Kong, and Cambodia.
Additionally, approximately 1,000–2,000 North Korean IT professionals continue to operate in at least eight countries, with many linked to U.N.-sanctioned entities and sending a significant portion of their earnings back to their home country.
These cyber groups have refined their strategies over time, incorporating tactics like fake job interviews and leveraging AI tools such as ChatGPT and DeepSeek.
A tumultuous 2025
Earlier reports from AMBCrypto highlighted a challenging August for crypto users and exchanges, with PeckShield, a blockchain security firm, reporting a total of $163 million in stolen assets.
The largest single theft occurred on August 19, when a Bitcoin holder fell victim to a social engineering scam.
Attackers posing as hardware wallet support agents deceived the user into disclosing credentials and transferring 783 BTC to them, subsequently routing the funds through Wasabi Wallets to conceal their tracks.
Furthermore, Turkey’s largest crypto exchange, BtcTurk, suffered a significant breach, losing an estimated $48–54 million due to hackers compromising hot-wallet keys.