View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

North Korea has stolen $721m worth of cryptocurrency from Japan in the past five years

Hackers linked to the government in Pyongyang regularly target foreign adversaries looking to steal funds.

By Claudia Glover

North Korean hackers have stolen cryptocurrencies worth $721m from Japan in the past five years, a report revealed this week. The long history of animosity between the countries, and the close association between Japan and the US, is likely to be behind the trend, researchers say.

Japan has been the main target of North Korean hackers since 2017. (Photo by Astrelok/Shutterstock)

This figure is equal to 30% of the total of such losses worldwide, states the report. The research was carried out by UK cryptocurrency research company Elliptic on behalf of Asia Nikkei.

North Korea has stolen $721m from Japan since 2017

According to Elliptic’s findings, Japan is the worst hit by North Korea’s worldwide cryptocurrency raids, suffering $721m in thefts out of a global $2.3bn between 2017 and the end of 2022. 

Vietnam was the next largest victim, having lost $540m, the US following with $497m and finally Hong Kong, which suffered losses to the Diplomatic Republic of North Korea (DPRK) of $281m.

North Korea is well known for using cybercrime to bolster its economy. A report released by the United Nations earlier this year asserted that hackers working for the government in Pyongyang stole more assets in 2022 than in any other year, all the while targeting the networks of foreign aerospace and defence companies.

“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” independent sanctions monitors reported to a UN Security Council committee.

The report follows finance ministers and central bank governors in Japan calling for leaders of the G7 group of nations to recognise the “growing threat from illicit activities by state actors,” in response to the rise in cybercrime. The G7 meets in Japan this week.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Japan needs to boost its cyber defences

To counter the threat of neighbouring countries targeting their cryptocurrency and valuable data, Japanese companies must tighten their cyber defences. 

In the past week Japanese car manufacturer Toyota disclosed a data breach on its cloud platform, admitting that sensitive car location data of over two million customers has been publicly accessible for the past ten years.

The data breach, exposing 2,150,000 customers’ data was caused by a database misconfiguration

“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” reads a breach notice issued by the company.

“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologise for causing great inconvenience and concern to our customers and related parties,” the notice continued.

Such mishaps must be guarded against if the country is to maintain its defences against North Korean state-sponsored hackers.

The ties are so deep between the two countries that this sort of targeting is inevitable, explained Mitch Haszard, threat intelligence analyst at Insikt Group:

“From a relationship standpoint, North Korea has a long history of interaction with Japan since the end of the Korean War, but there also remains considerable historical animosity between Japanese and Korean societies,” Haszard says.

This is exacerbated by Japan’s public allegiances with the US, “one of the DPRK’s primary adversaries,” making Japan a perennial target for North Korea, the analyst adds.

North Korea’s perilous financial situation means its cyberattacks are less politically targeted and more focussed on financial gain, says Allan Liska, CSIRT at security vendor Recorded Future.

“Unlike most nation-state threat actors, North Korea has basically become a cybercriminal enterprise that occasionally does espionage,” Liska says. “Because North Korea is so isolated from the rest of the world in terms of both economic activity and geopolitics they need to raise funds to operate the country however they can and cryptocurrency theft is one of their main tools for doing so.”

Read more: North Korea’s Holy Ghost ransomware targets SMEs

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.