64 comments

[ 3.9 ms ] story [ 184 ms ] thread
There's a reason a lot of people refer to buying cryptocurrency as funding the North Korea nuclear weapons research program.
> job offer was fake. North Korean hackers now had access to Sky Mavis's private keys

Maybe Sky Mavis was too busy playing with cryptocurencies instead of implementing proper information security. /s

But yeah, North Korea = bad, America = good.

North Korea can be bad independent of any whataboutist dialectic games.
doesnt US hold like billions of dollars worth of bitcoin and other crypto that have been "siezed" over time?

'when' US sells these, wouldnt it be making a profit from stolen crypto?

Are you talking about crypto assets seized from criminals? Because it should be obvious that that's completely different from a state-run worldwide hacking operation.
no. gains from holding on to assets as opposed to disposing off the siezed assets at market value at the spot.
There’s an argument to be made that asset seizure and hacking wallets are not quite the same thing.
NK needs to pass some laws making crypto wallets outside of NK illegal. Then it can all be categorized under asset seizure.
>NK needs to pass some laws making crypto wallets outside of NK illegal. Then it can all be categorized under asset seizure.

Sure, it would be seizure anywhere they have jurisdiction.

Which isn't anywhere outside NK, rendering that point moot.

Wouldn't it be enough that someone located not-in-the-US to do any sort of business with a person in the US, for the US government to now consider that part of their jurisdiction and get involved? Just one random example from Wikipedia, but there are a bunch more cases of the US acting "outside of their jurisdiction": https://en.wikipedia.org/wiki/Shutdown_of_Sky_Global

Similarly, I guess North Korea could look at things the same way.

That’s how pretty much the way that infosec is portrayed in the media. It’s usually “bad hackers” and seldomly “lackluster security”. I’ve yet to hear “didn’t want to pay for qualified infosec people” which I actually believe is the most common issue when a medium sized company was hacked.
Turns out there is a real world use case for crypto.
making money disappear from balance sheets is another one, but it was the pandemic and the weak economy it caused
My running joke is that it would be awesome if Satoshi Nakamoto were North Korean and this was all planned from the start. I'd give it a 10% chance of being the case.
Tangentially, if you have to make money "from" stolen currency, it must be a strange kind of currency.
Crypto is a form of asset, not currency. We just use the wrong word for it.
To you maybe. I regularly buy things with it.
Can you disclose three of the types or products you buy with it without going to jail though?
Assuming most people that use cryptoassets are criminals is not very nice. The media loves to talk about criminals using it, as though criminals do not use every other asset class as well.

I buy all sorts of things. To name a few....

Cloud servers, VPN subscriptions, hardware security modules, random number generators, mechanical puzzles, anonymous donations to charities, payments to/ from friends for splitting checks at dinner, coffee from Backyard Coffee in Palo Alto, beer from a bar in Germany, a usb battery at a electronics store in Japan.

Friend of mine even uses it to buy sex toys online with reasonably good privacy.

Everything I have ever purchased with cryptoassets is legal and the same is true as far as I know of all the many friends I have that make regular use of them as well.

Some of us actually believe in centralized finance without central government control, and others just like to buy things or move value around without fees or having their purchase history sold.

Man, you are spending those tokens on coffee? You'll regret it when it reaches moon by next year. You can buy the whole coffee shop then with same number of satoshi-butts!
Please don’t attack others or be hostile.
*decentralized finance
> Can you disclose three of the types or products you buy with it without going to jail though?

I know this isn’t the main point of your question, but illegal things can be moral (eg most “victimless crimes” like being homeless/sleeping in a van) while legal things may be immoral (eg bank accounts in the canary island).

I dunno. Is "asset" really the right word for "your own little step on the pyramid scheme"
You can make money from stealing anything of value. What is strange about it?
Normally if you stole euros you wouldn't need to first sell them for dollars to get value out of them. Cryptocurrencies are not currencies, not any more than rare postage stamps are.
I buy things and send money with cryptocurrency often, and some of my clients pay me with it.

Faster than bank transfers, and lower fees.

How is it being one of like 12 people globally who actually do this?
I know hundreds, so I assume there are thousands of us at least.

Not to mention spikes in usage in several countries during times where inflation is wild enough to make bitcoin prices seem stable by comparison.

> Normally if you stole euros you wouldn't need to first sell them for dollars to get value out of them.

I can't pay with dollars in most of the shops in Poland. According to your logic, a dollar isn't a currency, not any more than rare postage stamps are.

Or, in other words - why and how do currency exchanges exist, then? They literally sell and buy different kinds of money.

You can buy things with euros outside of Poland though, just because Poland doesn't use Euro as a currency doesn't mean it isn't one. Most cryptocurrencies aren't currencies in the sense that no one accepts them for anything other than regular currencies or other crypto. There are rare exceptions to this, but that's exactly what they are - exceptions.

>why and how do currency exchanges exist, then

I hope this isn't a real question.

You can buy things with bitcoin outside of the Internet, too; just because USA doesn't use bitcoin as a currency doesn't mean it isn't one. By your logic, most existing currencies aren't currencies either, in the sense that no one accepts them for anything other than regular currencies or cryptocurrencies, and that also happens only when you're in a currency exchange. There are rare exceptions to this, but that's exactly what they are - exceptions.

> I hope this isn't a real question.

I hope it is.

>>By your logic

You keep saying this, but you keep replying to what you think my logic is rather than what I actually wrote, because I guess it's just easier to argue with.\

>>There are rare exceptions to this, but that's exactly what they are - exceptions.

Yes, you're right - entire countries accepting a currency for trade and services is exactly the same as what is effectively small handful of traders accepting crypto. 300 million people using euro every day is no different than maybe few hundred companies accepting bitcoin - both are exceptions.

Not really sure what point you are trying to argue. I think I’m missing the crucial importance of the implied consequence of “cryptocurrencies are/aren’t currencies therefore…”

I don’t see any importance of that label beyond arbitrary tax implications. So to me that question seems as important as “Is hot dog a sandwich?”

You kind of would? For any non-minor amount you’d surely have to find some way to launder them, which almost certainly would’t give you a 1:1 return.

Doesn’t make **coins currencies though.

Agreed in principle, but I'm guessing one could argue that stolen money has to be laundered before being used.
No evidence is presented that North Korea was involved.
This is not new news, and the role of North Korean hackers in cybercrime is well documented.

https://www.trmlabs.com/post/inside-north-koreas-crypto-heis...

https://go.chainalysis.com/rs/503-FAP-074/images/Crypto_Crim...

What would you accept as evidence and would that be appropriate for general news?
Most sources with news or accusations against North Korea do not have much evidence. For most countries, if hackers steal something, you do not assume as first hypothesis that their government was responsible. Just the usual psy ops and propaganda against a target identified as enemy. Of course, perhaps it is truth and they indeed use military funding to scam people and evade sanctions (which should not exist anyway in my opinion). If so, no conclusive evidence would exist anyway, this operation would have a plausible deniability that it was just talented individuals commiting crimes, not state operatives.
Since the ledgers are public, how difficult is it to black list individual bitcoins?

E.g, have the feds do a public list of blacklisted coin ids and simply say that accepting these coins is against whatever compliance is necessary for a business to operate crypto in the USA and Europe.

Then when some realestate agency is about to sell an apartment in Dubai for bitcoins they’re gonna be “no, not those. We can add them to our coin base” or whatever.

I get that all countries that don’t care about the black list can continue trading, but those coins still have smaller demand and thus smaller value.

anyone with the capability to deploy this would presumably have a conflict of interest due to the overall value dropping due to inability to use it as a crime currency.
I could be off, its been a while since ive been in crypto - take with a pinch of salt;

Bitcoins dont really exist, they aren't a row with a "uuid" that we can just say "block bitcoin X". Its a ledger so you are worth the sum of transactions on the ledger against "wallet x" at any particular time. Blocks are really just "diffs" and if you sum those diffs you get to a "balance" that the network can verify and allow you to spend.

So when you want to block "some bitcoins" you have to "follow the money", which will get you to wallet address. It's easy to block a single wallet address but the the criminals just split that one bitcoin into 10K addresses, now you have to follow that set of transactions and block 10K addresses.

The implications / problem gets worse as you consider finical crimes like in the UK, gangs will transfer £1K/£2k to some young persons bank and ask them to with draw 90% of it. Should we permanently remove a young person from the network cause of 1 mistake? Should we force them to go through the risk of setting up a new address?

Then of course the mixers / LN / complicated transaction tree's (blockchian hoping, ETC) - its a bit of nightmare.

Its not unsolvable, but I cant imagine its an easy task by any metric.

Bitcoins aren't individual. You just have addresses with an associated sum, once two different addresses send 1 Bitcoin each to that address, those are equal and if you send 1 Bitcoin from the address who just received it, it's not one of Bitcoins that was received that got sent, it's just two values being updated at the same time (sender's amount decremented, receivers amount incremented).

What you can do, is blacklist specific addresses, and deny receiving/sending to anything that been "in contact" with that address. But you will for sure end up blocking more than you want with this approach, although that might not be a huge issue for the ones who are trying to block things.

That's fair enough. People are so dumb investing in these scam crypto projects and ignoring all the good, secure projects, I feel safer knowing that their money is now in North Korea's hands.
Where should I find all the good, secure projects?
Probably in North Korea. They have the best real-world tested security teams so they can be trusted with your money. Being from North Korea means you don't have to worry about all those western nanny-state regulations and oversight. Just buy their coins and become rich with zero risk...
In case this is an earnest question: the Lindy effect is your friend. Don't chase shiny new things. Stay away from new projects until they have a track record of 10 years or more. This simple rule would have saved people from Mt Gox, Luna, FTX, and every other fly-by-night disaster.
NK is a country where there are still people eating roots and where they couldn't even photoshop properly a hoovercraft in a picture. WTF. Just seriously WTF.

We're literally talking about a country where computer-savvy people cannot even photoshop a picture.

I don't buy it that this country has the world's top hackers (no matter how often that it repeated by mainstream media) and I don't buy it that NK is thriving thanks to Bitcoin.

What I do believe though is that North Korea is the ultimate boogeyman.

If had a bunch of badass hackers in my dictator-run country, and I want to try to exploit that fact for as long as possible, I'd probably make sure to give the impression that my country is so backwards we cannot even edit images correctly, so people give me the benefit of doubt.
That's pretty opposite of what most dictatorships do, though, right? Usually they want to seem to be more than they are. If it's originating from N. Korea it could be Chinese organized crime working through the country or it could be someone else entirely. It could be the CIA recouping loses from pot sales after legalization.
North Korea is a country that regularly test ICBM and nuclear bombs. But because of a crappy Photoshop those media reports are also fake? How many of the best hackers are also great at using Photoshop? Maybe kids in North Korea don't get to just dick around on the computer growing up and have their skills directed.
Viewed with another lens, North Korea has quickly become one of the biggest production penetration testers, with a focus on making the cryptocurrency industry safer by demonstrating how much security some exchanges are lacking. If these exchanges actually did their job and hired competent people, maybe they wouldn't frequently lose user's funds.

All for the cost of ~$US1.65 billion per year. I wonder if this would be cheaper or more expensive than a high-profile security consultancy covering the same surface area.

> All for the cost of ~$US1.65 billion per year. I wonder if this would be cheaper or more expensive than a high-profile security consultancy covering the same surface area.

Depends on whether or not the consultancy is one of the big 3/4 lol

OK so they steal some Magic Internet Tokens, but how does that help pay the actual bills? You can't import oil or materials or microchips in exchange for Buttcoins. You will have to find a fool to give you real money in exchange of those tokens right? Even China and Russia won't accept funny-money in exchange of real goods. Sure, they will be able to sell some of those tokens on some exchanges to DCAing gamblers or laser-eyed folks like Saylor and Bukele, but that won't net them Billions. Also, the money will have to flow through some banking channels even if from some shady island nations. How do they actually liquidate the stolen tokens?
You mix and anonymize it all and cash in some part into actual money stored in friendly overseas banks like Macao.

The rest is still useful for trade bypassing sanctions. You can't buy nuclear weapons or stuff to make nuclear weapons with a bank transaction because financial system is watching and bank mgmt doesn't want to be jailed but you still use magical tokens to barter for those goods direct.