Legit vs. Illicit Crypto: North and South Korean Approaches Compared

North and South Korea: divergent political situations and divergent approaches to crypto.
North and South Korea: divergent political situations and divergent approaches to crypto.

South and North Korea may be separated by a border that's only 2.5 miles wide, but the two nations couldn't possibly be more different, at least when it comes to crypto. South Korea has emerged over the past few years as one of the world's major crypto-trading centers, with the BTC-KRW (Korean won) market being the fourth biggest among national fiat currencies. By contrast, most North Koreans have almost zero knowledge of cryptocurrencies, even though their government has been engaging in Bitcoin mining and the hacking of crypto exchanges in a bid to secure an alternative revenue stream.

As the following analysis will explain, this marked divergence is a product of similarly divergent conditions. South Korea is the 11th biggest economy in the world and ranks highly in more than one global index of innovative nations. Meanwhile, North Korea is one of the globe's poorest nations, with an estimated GDP of around $40 billion. Its situation also isn't helped by the fact that it's ruled by a totalitarian, one-party government that makes individual enterprise all-but impossible, and that it's subject to a range of international sanctions.

Yet, it's this combination of autocracy, sanctions and poverty that, interestingly enough, has led the North Korean government toward crypto as a means of propping itself up and pursuing its own ends. Which goes to show that, just as individuals in developed nations sometimes use crypto to circumvent national laws, isolated outlaw states such as North Korea use it to circumvent international laws.

South Korea

Country snapshot (South Korea)

South Korea's relationship with crypto is largely comparable to that of other rich, developed nations. And in terms of popularity among traders and the general public, cryptocurrencies have done very well in the East Asian nation, with such crypto exchanges as Bithumb and Coinplug being launched as early as 2013.

As an indication of how quickly the market has grown in South Korea, CryptoCompare recorded a 24-hour BTC trading volume of only 5.33 Bitcoins on Dec. 10, 2014 on such Korean exchanges as Bithumb. By contrast, Jan. 5, 2018 witnessed a 24-hour volume of 32,395. In other words, there is an extraordinarily healthy crypto market in South Korea, as indicated by the fact that as many as 31 percent of Korean employees reported investing in cryptocurrencies in a survey published at the end of 2017.

This is also borne out by the strong position of many South Korean crypto-exchanges. According to CoinMarketCap, Bithumb is the second biggest market for Bitcoin (behind Binance), while it's the fifth biggest exchange overall in terms of 24-hour volume. Added to this, Upbit, Coinone, Korbit and GOPAX currently stand as the 7th, 48th, 59th and 76th biggest exchanges in the world by daily volume.

And according to one Bithumb source who spoke anonymously to Quartz at the beginning of the year, such exchanges have the means and resources to continue growing:

"They have so much money to buy the latest and greatest stuff. They can throw money at servers. Spending $40,000 to $50,000 on a server is not a problem for them."

They're also helped by the fact that, for economic and cultural reasons, South Koreans have become almost obsessed with crypto, with the source reporting that Bithumb can have as many as 100,000 users buying and selling on its exchange at any given time. "It’s a fact that so many South Koreans are trading on a minute-by-minute basis," he or she said, before adding that this enthusiasm ultimately worked in favor of Bithumb and exchanges like it, "They more or less got lucky in terms of growth. And they know how to throw money at the problem.”

Cracking down

While South Korea's position as one of the most innovative nations in the world has no doubt helped it reached such heights, the situation for traders and crypto exchanges has been made more difficult recently. Beginning in September 2017, the South Korean government started cracking down on various aspects of the crypto industry, with the first victim being Initial Coin Offerings (ICOs): The nation's financial regulator — the Financial Services Commission (FSC) — announced that it would make raising money via the sale of virtual currencies illegal, following in the footsteps of China, which banned ICOs at the beginning of the month.

The FSC declared in a statement that it will ban "all forms of Initial Coin Offerings regardless of using a certain technology or a certain name." Explaining the reasoning behind the move, Vice Chairman Kim Yong-beom said:

"There is a situation where money has been flooded into an unproductive and speculative direction."

In the months that immediately followed this announcement, things only got worse for crypto. Reports emerged that the government was also planning to ban crypto exchanges, citing the argument that crypto trading is a “deceptive” practice. Luckily, the South Korean president – Moon Jae-in – quickly moved to quell such reports, stating in January that there will be no ban on cryptocurrency trading. However, even with his intervention, the government did follow through with its plans to ban anonymous trading, with Korean exchanges implementing Anti-Money Laundering (AML) measures on Jan. 30.

Since then, there have been a number of other government actions intended to tighten the regulatory regime, yet they've generally had the effect of further legitimating the crypto industry, thereby making crypto trading more consumer friendly and popular.

In April, the Fair Trade Commission (FTC) ordered 12 Korean exchanges to update their contracts so as to provide more protections for customers. A month later, the FSC joined an investigation led by the Financial Supervisory Service (FSS) into a number of exchanges and how they comply with the Anti-Money Laundering (AML) legislation. While this might ostensibly seem like bad news for such exchanges, the leaders at both the FSC and FSS had recently expressed positive sentiments toward cryptocurrencies and blockchains. "Regarding cryptocurrencies, there are some positive aspects," said Yoon Suk-heun, when he was confirmed as the new FSS governor in May, and when he revealed his intention to oversee the relaxation of South Korea's crypto regulations.

Easing regulations

And it would indeed seem to be the case that there is a political will to not only ease regulations in South Korea, but to support the development of the blockchain and cryptocurrency industries. In May, it emerged that a number of South Korean lawmakers were planning to challenge the government's ban on ICOs, after a bill was introduced in the nation's parliament that proposed legalizing ICOs that met certain criteria, such as being run by public organizations and research groups. Following the introduction of this bill, the government announced its intention to overturn its ICO ban, although so far this intention hasn't been realized.

Still, the South Korean crypto industry has received plenty of good news since the end of May. In June, the investigation into Bithumb ended, with the government finding no evidence of wrongdoing at the exchange. Later in the month, the FSC proposed making AML rules stricter for exchanges, something which would serve mostly to clean up their image, while the Ministry of Science revealed that it would raise over $200 million in funding for the development of various blockchain projects.

As all this governmental drama unfolded, the popularity of cryptocurrency in South Korea remained strong, despite a fading off of interest after the December-January frenzy. According to CryptoCompare, the monthly KRW-BTC volume was KRW 80.7 billion on June 1 (about $71.5 million), with intermittent increases being seen on such dates as June 10 and July 24, when monthly volumes were KRW 121.7 billion (roughly $108.7 million) and KRW 145.4 billion (around $129.9 million) respectively. Meanwhile, some sources (e.g., the CEO of the South Korean crypto investment fund Hashed) reported that as many as 50 percent of Korean professionals had now invested in cryptocurrencies.

And it's likely that the climate will remain favorable to crypto in the coming months and years. For one, draft bills on cryptocurrencies, ICOs and blockchain tech were unveiled at the beginning of July, all with the aim of placing crypto on a more legitimate, safer footing for professional and casual investors alike. And secondly, there have been initiatives from privately run groups and institutions to boost the position of crypto within South Korea, as evidenced in plans disclosed in June by the Korea ICT Financial Convergence Association to build the country's answer to Switzerland's 'Crypto Valley.' The Association's chairman, Oh Jung-geun, said:

"We need a place to concentrate on the cryptographic industry in Korea like the Crypto Valley in Switzerland."

And while the enterprise hub in Busan hasn't been built yet, its announcement is perhaps the strongest sign to date that investors and entrepreneurs within South Korea are confident that the government will now be nurturing crypto, rather than keeping it restricted.

North Korea

Country snapshot (North Korea)

In contrast to South Korea's entrepreneurial climate, its strong traditions of innovation and R&D, plus its tech-savvy population, North Korea is possibly one of the worst environments on Earth for crypto. Not only is it a repressive one-party state in which the economy is predominantly nationalized, but more simply, it suffers from extremely low levels of internet penetration. According to cybersecurity firm Trend Micro, there are only 1,024 IP addresses in the entire country, compared to 112.3 million in South Korea, 1.6 billion in the United States and 4.3 billion globally.

Put simply, there just aren't anywhere near enough people with access to the internet to make use of cryptocurrencies on a non-negligible scale. So any attempt to measure national trade volumes for North Korea and compare these against South Korea's would be futile, since there is no North Korean trade in cryptocurrencies, at least not among the general population. And by extension, the government hasn't announced any policies or pieces of legislations that target crypto trading, since there isn't any need for legislation on a particular activity when this activity effectively doesn't even exist.

Hacks

But even though the vast majority of North Koreans have no experience or knowledge of cryptocurrencies, the same can't be said of the North Korean government, nor of the nation's tech-focused research institutions. Since last year, officials in the communist state have launched a number of high-profile hacks, all with the aim of stealing Bitcoin and other cryptocurrencies. On top of this, the government has also begun mining crypto, indicating that its attraction to Bitcoin, Monero and other digital currencies resides largely with its desire for an alternative stream of revenue.

Indeed, the United Nations Security Council (UNSC) has imposed nine sanctions on North Korea since 2006, while the U.S., South Korea, Japan, Australia and the European Union have added their own specific injunctions between then and now. According to the Council on Foreign Relations, these are beginning to take their toll, with the September 2017 UNSC sanction alone likely to cut around $1.3 billion off North Korea's GDP. And for a country that has a total GDP of $40 billion, such a loss makes a noticeable difference.

It's in such a context that North Korea turned to crypto, beginning in May 2017 with the WannaCry ransomware attack. This attack exploited a bug affecting Windows XP and Windows Server 2003 (which were no longer supported by Microsoft and so didn't receive an all-important March update), using it to infect some 300,000 PCs in over 150 countries, including those belonging to such big companies and organizations as FedEx, Telefónica, Honda, the University of Montreal and the United Kingdom's National Health Service. The owners of infected computers were asked to pay a ransom in Bitcoin of either $300 (if they paid within three days) or $600 (if they paid within seven), and according to one Twitter bot that tracked wallets associated with the attack, it netted its perpetrators just over $142,000, which was taken out of the original wallets in the space of six withdrawals on Aug. 3, 2017.

However, this was only the beginning of North Korea's foray into cryptocurrencies, since it was blamed for the July 2017 Bithumb attack, in which the leaking of personal data enabled hackers to steal over $1 million in Bitcoin. South Korean officials also accused it of orchestrating the December 2017 hack on YouBit, which lost 17 percent of its assets in the breach and which had to shut down as a result. There was no statement from them on whether it might have also been responsible for the April 2017 hack on Youbit (in which nearly 4,000 Bitcoin was stolen), yet given that Youbit had to declare bankruptcy after the second attack, it's clear enough that they stole a big trove of BTC in the later incident.

Speaking to Cointelegraph, McAfee's lead scientist Christiaan Beek confirms that North Korea's exploits are generally effective, even if they aren't particularly elaborate:

"The attacks are successful. For example, the attack on Bithumb resulted in a value of $7 million (value of the crypto-currency at that time). The attackers impersonate public institutes in their phishing campaigns trying to lure the victims to open the attachments. The attacks range from using mobile malware to new exploits in Hangul Word Processor (Korean Language Word processor used by South Korea Government mostly). The attacks don’t seems to be very sophisticated but still demonstrates a range of advanced skills."

Other cybersecurity experts provide a more mixed evaluation of just how successful North Korea’s attempts at crypto hacking are. Fred Plan is a senior analyst with FireEye, and he suggests to Cointelegraph that, in some cases, the main objective may not even involve stealing cryptocurrency:

“We do not have sufficient information to measure the actual success of these efforts. It may be the case that the targeting of cryptocurrency-related services isn’t an attempt to target wallets or the currency itself, but instead are attempts to identify additional financial targets or accounts/information that could enable deeper operations that ultimately have nothing to do with cryptocurrencies (crypto being used as a ‘lure’). We have seen cryptocurrency-related targeting go both ways: crypto-related targeting against more traditional financial institutions using lures such as ‘the latest crypto news’ and ‘investing advice’ and the inverse — e.g., traditional financial lures targeting crypto-related services with lures such as ‘tax reporting advice’ and fake résumés.”

Regardless of their primary motives, such incidents certainly aren’t isolated. In September 2017, FireEye published a report which concluded that hackers based in North Korea were routinely attempting to hack South Korean crypto exchanges and steal Bitcoin and Ethereum from users. Aside from stating that regular hacking activity had begun around May, the report also noted that the attackers were mainly using phishing techniques, using fraudulent emails to dupe the employees of the targeted exchanges into downloading malware that would infect their computers. In November 2017, the South Korea Internet & Security Agency (KISA) published a similar report, which recorded a 370 percent increase in malware attacks in 2017, as well as 5,366 ransomware attacks targeting South Korea between January and September 2017.

"Hackers are boldly spreading malicious code not only to hunt for Bitcoins but to directly attack internet sites," said a KISA official. "Such attacks are likely to continue."

International cybersecurity experts agreed, with Crowdstrike CEO George Kurtz telling CNBC in December that North Korea was launching such attacks in order to stockpile crypto on the one hand, and on the other to find extra funding for their attempts to destabilize South Korea via digital warfare.

“I certainly think it highlights the capabilities that North Korea has in cyber […] It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies.”

For most of the cybersecurity firms that have been investigating the hacks, one of North Korea's chief motivations is the need for additional revenue, given that the communist regime was feeling the brunt of international sanctions, and given that Bitcoin was approaching $19,000 by the close of 2017. McAfee’s Christiaan Beek tells Cointelegraph:

"In my opinion, the attacks are purely focused as an alternative source for income. It is in line with the attacks on financial institutes that already started since 2014. With the increasing value of cryptocurrency in 2017, we saw that no longer only financial institutes were interesting [in North Korea] but cryptocurrency-related services as well."

Mining and phishing Turkey

This assertion is bolstered by more recent developments, which show that North Korea is no longer zeroing in on mostly South Korean exchanges and targets. This March, McAfee released a report that pinned an attack on Turkey's financial sector — in which Turkish banks and financial institutions were on the receiving end of phishing emails — on cybercriminals working for the North Korean government, although it wasn't apparent whether they were successful in stealing any money.

In August, the Korea Development Bank (KDB) claimed in a report that North Korea had attempted to mine Bitcoin on a "small scale" between May and July 2017, although once again the fact that this attempt was apparently restricted to three months last year would indicate that it wasn't particularly lucrative. However, in September, reports came from Washington-based financial intelligence experts (via the Asia Times) that North Korea is “increasingly” using cryptocurrencies to avoid international sanctions. In particular, the report stated that it was obtaining crypto by illicit means (i.e. by hacking), and then selling this crypto on using a number of different accounts, exchanges and cryptocurrencies, so as to convert their ill-gotten gains into fiat without anyone being able to directly trace them to the original source.

As for the question of whether the international community can be confident that the North Korean government is the ultimate source of the breaches attributed to it, Beek affirms that the best available evidence does indeed point toward it as the culprit:

"When we look at ‘attribution,’ it’s all around context. From a technical review, one tends to look at technical indicators, but those could also contain false flags, something you always need to keep in the back of your mind. In our team, we look at the modus operandi, the so called TTP’s [tactics, techniques and procedures] and add to that the technical analysis of the malware/tools being used and the geopolitical context. On top of that, it’s important to ask the question, who would benefit from this attack, where does it fit in the geopolitical scene, would this be a typical cybercrime operation or are we looking at a different scenario, etc."

Fred Plan agrees, informing Cointelegraph that the attackers are tied to the North Korean government in variety of ways:

“These groups, such as TEMP.Hermit [i.e., ‘Lazarus’], consistently target organizations in a way that is uniquely in-line with North Korean state interests — spear-phishing against South Korean and U.S. defense and government agencies, for example. These activities have shifted around as the geopolitical situation changes, so the latest major shift toward financially motivated targeting follows on with increased sanctions and financial restrictions against the North Korean government. We believe this has made the regime increasingly desperate for funds, and this is reflected in cyber operations against banks and cryptocurrencies.”

And seeing as how there are only 1,024 IP addresses in North Korea, it's clear that the state is really the only actor capable of conducting such a malicious campaign. “The same groups described above have been linked to using North Korean internet infrastructure,” Plan explains.

“Because North Korea maintains extremely strict controls over communications and internet access in the country, it is highly improbable that anyone could be using [North Korea’s] infrastructure without the government knowing. It is more likely that the regime explicitly gives permission or even commands the use of it (as in the case of military cyber units). This means that aggressive operations linked to North Korea are effectively all state-sponsored.”

This assessment is further reinforced by most of the reports published to date on North Korean hacking, which usually identify the Lazarus/TEMP.Hermit hacking group as being responsible for the attacks. Added to this, other research has found that certain Monero mining malware sends its haul of coins to North Korean universities, which are state-run.

North and South

The different experiences of crypto in North and South Korea are perhaps the starkest possible indication of how, in order to thrive, cryptocurrencies need a nurturing, supportive environment. Cryptocurrencies are dependent on individuals already having certain personal freedoms, such as those that follow from sufficient levels of affluence and material development, and from the legally enshrined ability to act independently — at least in certain prescribed areas — of such dominant institutions as the state and the financial system.

In nations where such freedoms are severely curtailed, it's highly unlikely that any cryptocurrency will take root among the general population, even on a low level. This is exactly what has transpired in North Korea, whereas the experience in South Korea is largely the opposite, since it already has the level of infrastructural development and political liberty necessary for its population to adopt Bitcoin and other cryptocurrencies.

And as the activities of the North Korean government illustrate, this analysis is loosely applicable at the international level: If a nation has the means to use crypto, and if it's in a position of independence from the global community (i.e., the kind that comes from being a 'rogue' or relatively marginalized state that doesn't observe the laws of international diplomacy), then it may very well turn to cryptocurrencies, as has also been witnessed with Venezuela, Russia, Turkey and Iran.

That said, North Korea is a particularly extreme case of a nation turning to crypto, something which stems from the extreme nature of its situation. It can't issue its own state-backed cryptocurrency after the model of the Venezuelan Petro, since its population wouldn't have the means to use it, so instead it has reverted to the illicit use of crypto. And it's likely that it will continue with such use for as long as its remains in a parlous economic and political state, and for as long as there are unregulated exchanges willing to accept its ill-gotten coins.