Internet, cryptocurrencies & blockchains in North Korea

North Korea is considered as a secretive state, but, paradoxically, the country is developing last trend technologies. With prohibitions restricting the flow of money, the country is turning to bitcoin and other cryptocurrencies to finance their programs, instead of coming under new pressure.

  Pobierz ten materiał w  PDF

Instytut Boyma 26.06.2019



North Korea is considered as a secretive state. Paradoxically, the country is developing last trend technologies.

The scope of this work is related to the development of cryptocurrencies in the context of the DPRK. The report starts with a presentation of the IT sector in North Korea. The second chapter is focused on the development of Internet in North Korea. The two last chapters are dealing with North Korean’s IT attacks and the key organizations driving these issues.

The objectives of this study are to address key issues and critical paths for dangers associated to the bitcoins industry form the perspective of the DPRK. This report can be considered as crucial, as The IT sector in North Korea is a sub-cell of the North Korean economy which was analyzed only by a few western analysts.


1. The IT sector in North Korea


In spite of its secretive nature, the North Korean state proved its interests in ICT already in the 80’s[1]. The first public institution responsible for the development of the access to IT products was the KCC (조선컴퓨터위원회 – Chosŏnk’ŏmp’yut’ŏwiwŏnhoe ). One of its director was Kim Jong Nam (1971-2017), the eldest son of Kim Jong Il. He was appointed over there in the early 90’s. The latest known director is Han U-chol. The most famous North Korea IT product is probably the  Operating System  Red Star (붉은별; – Pulgŭnbyŏl), based on Linux and with a first development stage initiated in 1998 at the previously mentioned North Korean Computer Committee  is a North Korean Linux distribution, with development first starting in 1998 at the KCC. Version 3.0 was released in the summer of 2013, but as of 2014, version 1.0 continues to be more widely used.

To attract foreigners and IT specialists, North Korean authorities organized on a regular basis technological exhibition. The first one took place in 1999. During this event, the main North Korean universities (such as the Kim Il-sung University and the Kim Chaek University of Technology[2]) and public institutions (Pyongyang Information Technology Bureau) are promoting their knowledge and its latest softwares including linguistic translation tools, anti-virus programs and the organization of computer-based painting exhibitions. There are several other institutions which train North Korean hackers such as the University Mirim, the Computer Technology University of Hamheung[3], the Computer Technology University of Pyongyang[4], the Kim Il Sung Military Academy, and the Moranbong University[5].


2. Internet in North Korea


As of 2019, North Korea is known as being the only one in the world that does not grant an open access to its citizens[6]. However, there is an internal Internet in North Korea known as Kwangmyong (광명) providing e-shops, dating websites, news, and a content taken from Internet after the censorship[7]. The Kwangmyong network began to be developed in 1995, and was opened nationwide in 1998. The Kwangmyong network is only available within North Korea.


As stipulated before, there is no private Internet service provider in North Korea. However, some government elites are accessing the Internet via a Chine provider based in China. Thousands of companies and state organizations have intranet addresses. During the three years from 2004 to 2007, North Korea has connected optical cables for intranets to major cities and towns. The data transmission speed in Pyongyang is 70 ~ 80Mbps and the local speed is 10Mbps, which is the level of South Korea in 2000. In 2006 all intranet access at home were blocked and all PC rooms in Pyongyang were closed till 2015[8]. Foreigners have an access to Internet through special devices and the North Korean company Koryolink, however at a prohibitive rate (EUR 0,15 per Mb). This allow foreign reporters based in Pyongyang to wrote tweets in Pyongyang.


In 2010, Korean state organizations registered Twitter, YouTube and Facebook accounts. The majority of them were blocked by the previously mentioned western firms.


Table 2. Number of IP addresses in North Korea


Type (year between brackets) Number of registered IP adresses
Maximum (2013) 26100
Minimum (2008) 2800
Last data (2015) 13000
Previous data (2014 7700

Source: Trading Economics Korea. Data are provided for the period 2008-2015


The number of IP address assigned to North Korea consists of an important source of information as these IP addresses are more noteworthy. For instance, according to the AT&T Consulting company[9], some North Korean IP address are notorious as they were used to control compromised web-servers in a set of 2014/2015 attacks linked to North Korea known as BlackMine[10]. However, it does not mean that we deal with the same people involved in the 2014/2015 attacks.


The access to e-mails is also prohibited to a large extent. It’s impossible from abroad to send an email to North Korea if the receiver didn’t confirm your e-mail address to North Korean authorities. Furthermore, any answers are usually sent within a few days, which is an improvement as a few years ago, foreigner used to wait several weeks before getting any answer. North Korean diplomats have also only a group e-mail. In other words, diplomats attached to an embassy have only one e-mail for all diplomats.


3.    North Korean’s IT attacks


The continuing round of sanctions imposed on North Korea by the UN aims to target some of the country’s main external revenue streams. With prohibitions restricting the flow of money, the country is turning to bitcoin and other cryptocurrencies to finance their programs, instead of coming under new pressure. Moreover, it has been reported that Kim Jong-un’s regime targets cryptocurrency trading in South Korea, with at least three confirmed successful attacks. When attacking bitcoins platforms in South Korea, the Lazarus Group The first cryptocurrency-focused lure appears designed to obtain the emails and passwords of users of South Korean cryptocurrency exchange platforms (for instance from the platform Coinlink).


The most famous attack took place in 2014 and was related to Sony Picture’s hijacking and due to the movie “The Interview”[11]. One year later, the account of the Central Bank of Bangladesh at the Federal Reserve Bank in New York was robbered with USD 80 million. Hackers tried to transfer financial assets to some accounts localized in Sri Lanka and the Philippines. Unfortunately for them, on the 5th transaction, a mistake was done. Hackers wrote fandation instead of foundation, when they wanted to transfer some funds to an organization called Shalika Foundation. In 2017 due to the spread of the WannaCry virus, european institutions (and especially the Polish Financial Supervision Authority[12]) was hacked. On the same year, in October the Taiwan Far Eastern International Bank was also robbered[13]. During the following years, attacks were more focused on financial institutions in African countries, South Korea, or Vietnam. In march 2019, an Israeli institution was also attacked[14].


On the other side, North Korean authorities decided to participate to the cryptocurrencies market, considering it as a source of foreign currency. The first transactions of bitcoins in North Korea were realized in 2014[15]. In order to improve its image, North Korean authorities organized one Blockchain and Cryptocurrencies conference. The first one was supposed to be held in 2018. This event  called the “Korean International Blockchain Conference,” would take place in Pyongyang from September 27 to October 4. However, it was cancelled. Therefore a new edition was set up for 2019. This 7-days event held from April 18th till the 25th of 2019 was organized by the Korean Friendship Association and the consulting firm TokenKey led by the 30 years old Christopher Emms[16]. Emms originally reached out to KFA to help bring the conference to North Korea, following his experience speaking at similar events in other countries in recent years. The seminar attended by more than 100 people from North Korea and abroad took place at the Pyongyang University of Science and Technology[17]. Foreign experts were invited and provided lectures on protocols related to crypto-currencies such as “mining” or blockchain. The panels related to block-chains were screened on the 22&23 April. Other sessions were done under the form of field trip at the Kim Il-sung University, Panmunjom, and at the Daedong River Beer Factory. Participants to the conference visited the War Memorial, the Pyongyang Foreign Language University, the Juche Idea Tower, the city of Kaesong and Panmunjom[18].


According to a report prepared by the UN Security Council, North Korea has managed to extort more than $ 670 million in cryptocurrencies since the beginning of its activities in 2015. 571 million dollars were allegedly stolen directly from Asian cryptocurrency trading platforms during various hacks, such as the Japanese platform Coincheck in January 2018 where 532 million dollars were stolen of the platform Zaïf for $ 60 million. The South Korean e-commerce platform Interpark was also hacked. 10 million personal data were stolen in 2016[19].


4.    The Lazarus organization


North Korean authorities set up a militia dedicated to cyber-attacks to ensure cash flow while circumventing international sanctions. For several years, cyber security experts have identified this group of hackers as Lazarus[20]. The leader of the Lazarus group[21] is supposed to be Park Jin-hyok[22]. Born on the 15 August 1994, he completed his education at the Kim Chaek University of Technology, one of the top IT University of North Korea[23] where he acquired skills in Visual C++. He’s supposed to be an employee of Chosun Expo[24], a North Korean company based in northeastern China, in Dalian, a port city overlooking the gulf of Korea. He was working there between 2010 and 2014. During his malwares operations, he was also known as Kim Hyon-woo.


Sources indicate that he participated to the biggest North Korean hacks such as the WannaCry virus, which has infected hundreds of thousands of computers around the world such as the  hacking of the Central Bank of Bangladesh with a $ 81 million diversion[25]. He’s considered as the leader of the group of hackers Lazarus, responsible for the infiltration of the servers of the Sony Group. He also speaks English and Chinese. The Lazarus Kaspersky Lab estimates that Lazarus[26] has been active since at least 2009 utilizing the MYDOOM worm or and malicious .hwp extension files[27]. “Hwp files” are word processor file written in Hangul, the Korean writing system, used in both Koreas.

It must be also taken in consideration that even if the group of hackers are based in North Korea or at the Kim Il Sung University[28], it does not mean that they are North Korean, as North Korean education structures welcome also foreigner student, especially from China, Russia, and Vietnam.

Table 3. Structure of the Lazarus Group



Groups considered as substructures of the Lazarus entity Specialization Targets
Bluenoroff Attacks of foreign financial institutions Bangladeshi bank, Polish financial supervisory authority, South Korea Bitcoin companies, , South Korean Ministry of Defense,

SWIFT banking attacks

Andariel Attacks of private and public organizations South Korean companies, South Korean ATMs

Source: own research


North Korea specifically targets Southeast Asia, especially since the lifting of sanctions against the country, following the meeting in Hanoi last February between Kim Jong Un and US President Donald Trump, did not work out. Cryptocurrencies stolen by North Korea, such as Bitcoin, Ethereum or XRP, would be used to:


  • Fundraising: To meet its cash requirements, North Korea can obtain cryptocurrencies for the purpose of converting them into short-term currency.
  • Storing funds: North Korea could accumulate cryptocurrency reserves for the purpose of spending them or converting them into currency at a given time.
  • Bypass sanctions: North Korea could use cryptocurrencies to pay for goods, services and resources explicitly prohibited by international sanctions.

In December 2018, IssueMakersLab, a cybersecurity blockchain startup, explained that North Korean hackers had changed their strategy and were attacking crypto-investors directly rather than attacking crypto-exchanges.


The key-market for North Korean hackers remain South Korea as this country hosts some of the world’s largest and richest bitcoin exchange platforms. North Korean hackers try to obtain an access to less-know cryptocurrencies such as Monero, the 14th largest cryptocurrency by value as of 2018. Some studies demonstrated that North Korean hackers infected IT devices to mine Monero owners and send their cryptocurrencies back to North Korea[29]. It’s also possible to use bitcoins in North Korea but to an extent limited to 4 restaurants in Pyongyang[30]. In any case, It is very difficult for North Korea to expand its activities related to virtual currency due to lack of electricity, lack of high-performance computer, and lack of internet infrastructure.


There is a dedicated team of South Korean specialists dedicated to domestic attacks of Lazarus[31].

Unfortunately, according to Jay Rosenberg, a senior security researcher based in North America, who belongs to Kaspersky Lab’s Global Research Analyst Team (GReAT) “North Korea’s cyber capabilities are improving. They will continue to attack in the future using evolved attack techniques.”[32]




The findings can be summarized as follows.

  • To meet its cash requirements, North Korea can obtain cryptocurrencies for the purpose of converting them into real currencies. North Korean authorities use cryptocurrencies to have a viable source of income. Later North Korean authorities may use these cryptocurrencies for trading activities. As of 2019, North Korea has managed to extort more than $ 670 million in cryptocurrencies since the beginning of its activities in 2015.
  • Previously, most of this type of attack appeared destined to cause social disruption or covert data, and the targets were usually computer networks of government agencies or media companies in countries considered hostile. In recent years, North Korean pirates seem to be more interested in stealing money. “. Therefore, The strategy of North Korean specialists changed over the year, looking for the weak link. North Korean hackers are attacking crypto-investors instead of attacking crypto-exchanges or platforms.
  • We recommend to less advanced countries, which are more vulnerable to North Korean attacks, to regulate cryptocurrency platforms, and imposing anti-money laundering and anti-terrorist financing standards.
  • Although, according to the document, cryptocurrencies are likely to play only a peripheral role in general fundraising and tax evasion activities in North Korea, the authors indicate, however, that better coordination between the different countries in the region would make them less vulnerable to attacks by Kim Jong Un. It’s especially important in the context of South-East Asia, where the cryptocurrency sector is booming. Fortunately, Singapore is the most advanced country in regulating and regulating cryptocurrency platforms and shall play a role of mentor for less advanced countries such as Malaysia, the Philippines and Thailand, which are vulnerable to North Korean attacks.
  • Westerners who participate to the development of the bitcoin/blockchain industry in North Korean are young ventures people. We can’t blame them of the development of hacking industry in North Korea.
  • We have no information whether the Lazarus group consists only of North Korean workers.





Blockchain: The blockchain is a technology of storage and transmission of information, and functioning without a central control body. By extension, a blockchain is a database that contains the history of all the exchanges made between its users since its creation. This database is secure and distributed: it is shared by its different users, without intermediaries, which allows everyone to check the validity of the chain.

Cryptocurrency: Cryptocurrency or cryptographic currency is a 100% electronic and magnetic currency. Its value is the same as the currencies we use on a daily basis but it is virtual. The cryptocurrency was created based on the computer technology called blockchain.


Publikacja powstała dzięki wsparciu finansowemu Centrum Studiów Polska-Azja. 

This material can be found in Quarterly Boym – No. 1/2019


[1] Computers were also considered as gifts from Kim Jon gil for Senior Elites, especially in the early 2000’s. 북한 주요인사인물정보, 2017, 통일부, p. 692.

[2] The latest known head of the computer faculty of the Kim Chaek University of Technology is Rim Won-gi.

[3] The latest known head of this University is Ri Hak-sun.

[4] The latest known head of this University is Jeon Ja-hyok.

[5] Jang Sae-yul, 북, 정찰총국 해커부대 다시 중국에 진출, (accessed: 14.06.2019)

[6] Internet is blocked to a lower extent in Erythrea.

[7] Tudor, D., & Pearson, J. (2015). North Korea confidential: private markets, fashion trends, prison camps, dissenters and defectors. Tuttle Publishing, p. 62.

[8] Ju Song-ha, ‘지구촌 인터넷 혁명, 北 파고들 가능성은…’ 美방송위 토론회,, (accessed: 2 April 2019).

[9] AT&T is a is a developer of commercial and open source solutions to manage cyber attacks.

[10] (accessed: 12.06.2019)

[11] Sun Heidi Saebo, Kim Dzong Un – Szkic Portretu Dyktatora, wyd. Czarne, Wołowiec 2019, p. 297.

[12] Komisja Nadzoru Finansowego ( in Polish.

[13] Sun Heidi Saebo, Kim Dzong Un – Szkic Portretu Dyktatora, wyd. Czarne, Wołowiec 2019, p. 299.

[14] Oded Yaron, North Korean Hackers Cited in Rare Attack in Israel,, „”, 26 March 2019 (accessed 10.06.2019).

[15]가상화폐 비트코인 북한서 거래,, 9 January 2014 (accessed: 21.04.2019))

[16] 평양서 블록체인 국제대회…100여명 참가,, „” (accessed 14.5.2019)

[17] “북한 블록체인 행사에서 동아시아 블록체인 프로젝트 소개”, 2 May 2019 (accessed: 20.5.2019).

[18] About 50-60 people were supposed to participate to this event. Due to security reasons, the list of participants was undisclosed. 북한 블록체인 컨퍼런스 ‘또’ 열린다…AI도 추가. (accessed: 10.4.2019).

[19]경찰은 인터파크 해킹을북한소행으로 판단했다, (accessed: 20.03.2019).

[20] The first group of North Korean hackers was settled in a North Korean Hotel in Shenyang (aka the Chilbosan hotel) where North Koreanhackers used to live in the early 2000’s. The hotel was shut down in January 2018.

[21]라자루스 그룹 in Korean.

[22] A.k.a Pak Jin-hek.

[23] A team of students of the KimChaek University of Technology obtained the 8th position in the International Collegiate Programming Contest

[24]  A.k.a. Korea Expo Joint Venture. Interestinly Chosun Expo was originally a joint venture between North Korea and South Korea established to be a Korean e-commerce and lottery website. The South Korean partners retired a few years ago from this venture. Chosun Expo i san entity working under the auspices of the room 110 (aka Lab 110) of the WPK.  The company is a.k.a. Korea Expo Joint venture Corporation. Sanctions against this company were applied in October 2018.

[25] Sun Heidi Saebo, Kim Dzong Un – Szkic Portretu Dyktatora, wyd. Czarne, Wołowiec 2019, p. 299.

[26] The Lazarus Group is also known as APT 38, HIDDEN COBRA, Guardians of Peace, Whois Team and Zinc. The most common name is the Lazarus Group.

[27] Lee Yu-ji, 북한 해킹그룹라자루스 공격은 멈추지 않았다, 23 May 2019, (Accessed: 20.06.2019); Guerrero-Saade, J. A., & Moriuchi, P. (2018). North Korea targeted South Korean cryptocurrency users and exchange in late 2017 campaign. Recorded Future, 16, p. 3.

[28] In the mid 80’s, it was already possible to study Computer Science at the Kim Il Sung University. The majority of the equipment were donations from other communist countries such Bulgaria and Poland, but also bought from Japan, or Singapore. There was also a computer laboratory at the Kim Chaek University of Technology. Martin, Bradley K. Under the loving care of the fatherly leader: North Korea and the Kim dynasty. Macmillan, 2004., p. 347; p. 610.

[29]김일성종합대학, 모네로 채굴기 전파하고 있다, (Accessed: 10.5.2019).

[30] 북한의 가상통화 이용 현황, 김민관, KDB 산업은행 미래전략연구소, (Accessed: 22.06.2019)

[31] One of these IT specialists is identified as being Park Seong-su.

[32] Lee Yu-ji, 북한 해킹그룹라자루스 공격은 멈추지 않았다, 23 May 2019, (accessed: 0.06.2019)

Nicolas Levi

Analyst on North and South Korea. He is an assistant professor at the Institute of Mediterranean and Oriental Cultures of the Polish Academy of Sciences. Author of 7 books, more than 20 academic articles, and over 50 analytical reports on the Korean Peninsula, Poland, and related issues. He conducts lectures at top universities in Poland and abroad.

czytaj więcej

Patrycja Pendrakowska for Balkan Development Support: “Western European countries have benefited most from the Chinese capital, the benefits are mutual”

We would like to inform, that Financial Intelligence has published interview for Balkan Development Support with Patrycja Pendrakowska.

Globalization of business, education and China: interview with prof. Chiwen Jevons Lee

Interview of Ewelina Horoszkiewicz with prof. Chiwen Jevons Lee on China on globalization of Chinese business education and his thoughts of China’s role in the global marketplace.

Guidance for Workplaces on Preparing for Coronavirus Spread

Due to the spread of coronavirus, the following workplace recommendations have been issued by the Ministry of Development, in cooperation with the Chief Sanitary Inspector. We also invite you to read article about general information and recommendations for entrepreneurs.

WICCI’s India-EU Business Council – a new platform for women in business

Interview with Ada Dyndo, President of WICCI's India-EU Business Council and Principal Consultant of European Business and Technology Centre

Patrycja Pendrakowska for Observer Research Foundation: “Guiding democracy through Covid19: Poland shows us what not to do”

We would like to inform, that Observer Research Foundation has published article of Patrycja Pendrakowska - the Boym Institute Analyst and President of the Board.

Short summary of events at the Boym Institute

We want the Boym Institute to become a valuable platform of exchanging views, making valuable acquaintances and, above all, deepening knowledge. Therefore, we undertake the organization of many events: debates, lectures, and conferences.

Patrycja Pendrakowska for Observer Research Foundation: “The Polish example: Defending the castle in the European East”

We would like to inform, that Observer Research Foundation has published article of Patrycja Pendrakowska - the Boym Institute Analyst and President of the Board.

Development Strategies for Ulaanbaatar According to the Conception for the City’s 2040 General Development Plan – Part 2

This is the second part of an inquiry into Ulaanbaatar’s winning 2040 General Development Plan Conception (GDPC). In this part of paper, I look into some of the plans and/or solutions proposed in Ulaanbaatar’s 2040 GDPC.

Indonesia – between religion and democracy

Indonesia is the largest Muslim democracy in the world. Approximately 88% of the population in Indonesia declares Islamic religion, but in spite of this significant dominance, Indonesia is not a religious state.

Not only tests and masks: the history of Polish-Vietnamese mutual helpfulness

On the initiative of the Vietnamese community in Poland and Vietnamese graduates of Polish universities, our country received support from Vietnam - a country that deals with the threat posed by Sars-Cov-2 very effectively.

Patrycja Pendrakowska as a participant of Women Economic Forum (WEF) in India

The interactive discussion covers recent projects and collaborations which have contributed to a greener economy in India

What connects shamans and generals? On the problem of verification of internal conflicts of North Korea

The number of confirmed executions and frequent disappearances of politicians remind us that in North Korea the rules of social Darwinism apply. Any attempt to limit Kim Jong-un's power may be considered hostile and ruthless.

San Zhong Zhanfa or Three Warfares. Chinese Hybrid Warfare

Cognitive operations are becoming an increasingly significant and common element of non-kinetic military operations. States and other political players deliberately manipulate the way their actions, those of their allies and those of their adversaries are perceived by the governments and societies of other international players.

Lessons for China and Taiwan from the war in Ukraine

The situation of Taiwan and Ukraine is often compared. The logic is simple: a democracy is threatened by a repressive, authoritarian regime making territorial claims and denying it the right to exist.

Paweł Behrendt for 9DASHLINE: The South China Sea – from colonialism to the Cold War

We would like to inform, that 9DASHLINE has published article of Paweł Behrendt - the Boym Institute Analyst, in which he wrote about history of the South China Sea dispute over the 20th century.

Why We Need Women in Politics, or the Scandal Solved Successfully in Uzbekistan with a Polish Woman in the Leading Role

Polish women do not often become the heroines of media reports in Central Asia. In February 2020, however, it was different. The story of Agnieszka Pikulicka-Wilczewska, a journalist, "heated up" the headlines of local news portals. More importantly, "between the lines" she talked a lot about contemporary Uzbekistan and the role of women in politics.

Workshop – Liberalism vs authoritarianism: political ideas in Singapore and China

We cordially invite you to a workshop session “Liberalism vs authoritarianism: political ideas in Singapore and China”. The workshop is organized by Patrycja Pendrakowska and Maria Kądzielska at the Department of Philosophy, University of Warsaw on ZOOM.

Foreign Direct Investment in Vietnam

Thanks to continuous economic development, Vietnam attracts a record number of Foreign Direct Investment (FDI). The catalyst for such a strong growth of FDI in Vietnam is not only the ongoing trade war between the US and China, but also new international agreements.

Polish-Kazakh Business Forum

An interview with Mr. Meirzhan Yussupov, Chairman of the Board of the “National Company” KAZAKH INVEST” JSC - Member of the Board of Directors of the Company

Coronavirus outbreak in Poland – General information and recommendations for entrepreneurs

Kochański & Partners and the Boym Institute engaged in delivering information about latest after-effects of COVID-19 pandemia, which has begun to spread in Poland during the past days.

Taiwanese Perceptions of Russia’s Ukraine war

Since the invasion of Ukraine, the Taiwanese government remained committed to its position of condemnation for Russia, humanitarian support for Ukraine, and deep appreciation and admiration for the Ukrainian people’s will to defy power, resist aggression, and defend their nation.

TSRG 2021: The Impacts of the BRI on Europe: The Case of Poland and Germany

It is important to contribute to the understanding of what the New Silk Road can mean in economic, political, leadership and cultural terms for the European countries involved. This analysis should reveal the practical consequences of the Belt and Road Initiative for Europe in the case of Poland and Germany, as well as their respective social effects.

Book review: “GDR International Development Policy Involvement. Doctrine and Strategies between Illusions and Reality 1960-1990, The example (South) Africa”

Book review of "GDR International Development Policy Involvement. Doctrine and Strategies between Illusions and Reality 1960-1990, The example (South) Africa", written by Ulrich van der Heyden and published by Lit Verlag in 2013.

Online Course: “Educational tools for addressing the effects of war”

The Adam Institute for Democracy and Peace is offering “Betzavta” facilitators, middle school and high school educators, social activists, communal activists and those assisting refugees an online seminar to explore educational issues related to wartime.