North Korean Internet Use is up 300%, is Your Crypto at Risk?

North Korean Internet Use is up 300%, is Your Crypto at Risk?

A recent study by a US-based cybersecurity company, Recorded Future, through its intelligence department, Insikt Group, has indicated that North Korean internet use is up 300 percent in the last three years.

Titled “How North Korea Revolutionized the Internet as a Tool for Rogue Regimes”,the study has recorded major changes in hours when North Koreans are using the Internet. For example, unlike in 2017 when Internet usage was high during the weekends, North Koreans are now heavily using the Internet “on weekdays during North Korean working hours.” This indicates that the country is shifting from casual to professional use of the Internet.

The study attributes the rise to: “A number of factors, including the increased use of the Russian-routed TransTelekom infrastructure, the use of some of North Korea’s previously unresolved IP space, and the standup of new mail servers, FTP servers, and DNS name servers to support an increased traffic load.”

Notably, the study notes that the spike in Internet usage has largely been fueled by North Korean leaders. Unfortunately, the rise may probably not be for the good. North Korea’s president Kim Jong-un, is believed to be leveraging the Internet to increase access to the country’s government-owned insurance firms to generate revenue through insurance fraud together with other cybercrimes.

However, to override government-imposed content controls in other jurisdictions, North Korea has its own virtual private network that uses DNS tunneling by exploiting domain name service.

“the DNS process is used not for a domain resolution, but to transfer data or tunnel inside of a closed network. … this technique could be used by North Korean users to infiltrate data from the networks of unsuspecting targets.”

crypto-investors-have-a-reason-to-be-worried">Why Crypto Investors Have a Reason to be Worried

While this phenomenon seems so far from crypto users, investors and or hodlers, there’s a reason to worry. The study notes that North Korea’s military and political class have been involved in high-level hacking of cryptocurrency exchanges especially in South Korea, cryptocurrency mining, crypto-jacking, and spreading ransomware.
For example, due to Monero’s low processing power and anonymity, the study has observed a ten-times increase “in Monero mining activity from North Korean IP ranges since May 2019.” This makes it easy to be used for cryptojacking purposes as opposed to Bitcoin.

Also, high-level crypto exchange hacks have been traced back to North Korea with major crypto exchanges like Bithumb, Coinis, and Coincheck hacked in 2017 and 2018. Out of a total of $877 million hacked from exchanges between 2017 and 2018, North Korean groups made away with $571.3 million.

According to CNN: “The report, submitted to the UN North Korea sanctions committee, accuses North Korea of using hackers to conduct ‘forced illegal transfers of funds from financial institutions and cryptocurrency exchanges, launder stolen proceeds and create income to avoid international sanctions.’”

According to Recorded Future:“The attacks on financial institutions have been conducted via the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, where after gaining initial access to the SWIFT terminal, North Korean operators then executed a series of fraudulent transactions.”

How Exchanges Are Minimizing The Amount Hacked And Enhancing Traders’ Experience

Due to the large amounts hacked from exchanges, major exchanges like Binance and Dexive, are opting to build a decentralized instead of a centralized exchange. Unlike in a centralized platform where the users don’t have complete control, a decentralized exchange (DEX) gives users complete control over their cryptos.


Some like Dexive are going a step further and incorporating a social aspect on their platform to bring together the crypto community not only to trade but to also share information. Additionally, the platform enhances traders’ experience by providing features like trade on chart, technical alerts, cross-exchange trading, among others that either not available or poorly implemented on other decentralized exchanges. Being a non-custodial DEX, Dexive’s option for real-time price alerts based on technical indicators makes the difference between a loss and profit when trading for both beginners and advanced traders.

Apart from price alerts, Dexive goes beyond the barriers of traders being confined to a single exchange and instead offers liquidity from different exchanges. Buyers and sellers can then decide which exchange will give them the best value.

Countries Are Unknowingly Hosting North Korean Agents

North Korea’s strategic use of the Internet has not only provided revenue but also helped in obtaining classified data on cyber operations and ballistic missile plans of other countries. Interestingly, to build capacity, North Korea sends its agents abroad for specialized training on nuclear-related concepts against the United Nations guidelines.


According to defectors, “North Korean operational apparatus composed largely of operators and programmers living in facilities overseas, tasked with the overarching goal of generating revenue for the Kim regime.”

With such a confession from defectors, a spike in Internet use in North Korea may indicate it’s time for crypto investors to tightly guard their digital wealth. This can be done by using decentralized exchanges when trading and storing their crypto in secure wallets.

Read more