North Korea has surpassed El Salvador and Bhutan to become a major holder of BTC, as its hacking of cryptocurrency exchanges and fund movements through DeFi platforms have led to a rapid increase in its BTC holdings. This has raised concerns about the need to strengthen exchange security and the use of certain DeFi protocols as money laundering channels for hacked funds.
According to data from Chainalysis, the North Korean hacking group 'Lazarus Group' currently holds 13,518 BTC (about $1.13 billion). This figure significantly exceeds the holdings of El Salvador (6,118 BTC), which has adopted BTC as legal tender, and Bhutan (10,635 BTC), which is engaged in large-scale mining.
North Korea's BTC holdings increased significantly after the Bybit hack on February 21, 2024, which caused the largest loss in cryptocurrency exchange history at $1.4 billion. The Lazarus Group converted most of the stolen Ethereum to BTC through 'THORChain'.
After the Bybit hack, the Lazarus Group converted the stolen Ethereum to BTC through THORChain in just 10 days. According to Bybit CEO Ben Zhou, 72% (361,255 ETH) of the stolen funds were moved through THORChain, far exceeding the trading volume through other DeFi services.
Hackers also used other DeFi platforms like Uniswap and OKX DEX, but the scale of funds moved through THORChain was overwhelming. THORChain is estimated to have earned at least $5 million in fees from this transaction.
Federico Paesano of Chainalysis argues that this was a simple conversion rather than full money laundering, as the stolen ETH was converted to BTC in a traceable manner.
THORChain is a decentralized swap protocol, and unlike mixers, the flow of funds is traceable. However, the rapid movement of large-scale hacked funds through this channel has raised awareness about the role of exchanges' security and DeFi protocols.
North Korea has carried out continuous cyber attacks, stealing $380 million from Japan's DMM Bitcoin and $615 million from the Ronin Network, even before the Bybit hack. In addition to BTC, the Lazarus Group holds various cryptocurrencies worth around $30 million, including ETH, BNB, DAI, and BUSD.
According to a White House official, North Korea is funding about half of its WMD and ballistic missile programs through such cyber attacks and cryptocurrency theft. Despite international sanctions, North Korea's cybercrime continues.
Rachel Lin, CEO of SynFutures, said that the strength of true decentralized platforms lies in their neutrality and censorship resistance. She suggested that while human intervention goes against the spirit of decentralization, protocol-level innovations can automate safeguards against illicit activities.
Exchange security vulnerabilities have become a major target for hackers, and the Bybit hack has had a significant impact on the industry. DeFi protocols have come under scrutiny as channels for the movement of hacked funds.
Experts advise that strengthening exchange security should be the priority, and DeFi protocols should explore technical solutions to prevent their use as conduits for criminal funds. This should be done in a way that preserves the values of decentralization while building a responsible ecosystem.
The United States and the United Kingdom remain the top BTC holders, with 198,109 BTC and 61,245 BTC, respectively. The US plans to build strategic BTC reserves using cryptocurrency assets seized in criminal and civil cases.
The increase in North Korea's BTC holdings shows that state-level cryptocurrency accumulation through hacking has emerged as a new international security issue. This calls for a balanced approach that strengthens exchange security while ensuring that the DeFi ecosystem can innovate without becoming a channel for illicit fund movements.
