Security expert: North Korea has turned cryptocurrency theft into a way to finance military spending, and it has become a systemic threat

Gate News message. On April 12, as North Korea’s infiltration and attacks targeting the crypto industry continue to escalate, security experts say its core difference from hackers with backgrounds in other countries is that crypto assets have become a crucial direct source of financing for maintaining military expenditures. According to reports, in a recent infiltration operation targeting the Drift Protocol that lasted for months, North Korean hackers once again sent shockwaves through the industry. Experts say this pattern is not merely a “fund transfer tool,” but rather direct “plunder-driven profit,” used to bypass international sanctions and obtain immediately usable hard-cash funding. Security researchers point out that, unlike countries such as Russia and Iran, North Korea has almost no sustainable capacity for external economic activities and commodity exports, so it relies more on crypto theft as its core revenue source to support nuclear weapons and ballistic missile programs. Experts also emphasized that North Korean hackers’ attack targets have shifted from simple phishing to include exchanges, wallet services, and key-privilege holders of DeFi protocols, and they commonly use long-cycle social engineering and identity-impersonation infiltration methods. Because blockchain transactions are “once confirmed, irreversible,” the crypto industry is far weaker than the traditional financial system in freezing funds and recovering them, making such attacks more destructive in terms of speed and scale. Security personnel warn that this kind of “long-term lurking + precise power seizure” attack pattern has not yet been effectively addressed by the industry.