North Korea's Foreign Ministry issued a flat denial on Sunday, calling allegations of involvement in recent international cryptocurrency hacking cases "false information" and "absurd slander." The statement was delivered through the Korean Central News Agency - the standard delivery mechanism for official Pyongyang positions - and blamed the United States for manufacturing a "distorted perception" of a "nonexistent cyber threat."
The Denial and the Data
The denial lands in an unusual context, even by North Korean standards. Blockchain analytics firm TRM Labs reported last month that North Korean-linked hacking groups accounted for 76% of all cryptocurrency losses to hacking in 2026 through April - not because Pyongyang's operatives launched a wave of attacks, but because two massive heists totaling $577 million dwarfed every other theft on record this year. The Lazarus Group, a North Korean state-sponsored hacking collective active since at least 2014, is the alleged actor behind both operations.
The language out of Pyongyang is notably sharp. The Foreign Ministry accused Washington of using "government agencies, compliant media outlets and plot-making organizations" to paint North Korea as a cyber threat. The phrasing is familiar - North Korea has been issuing near-identical denials for years, typically within days of new blockchain forensics linking its alleged operatives to a major theft.
The KelpDAO Hack in the Background
Looming behind Sunday's denial is the April 18 attack on decentralized finance platform KelpDAO, which reportedly involved approximately $290 million in cryptocurrency. Investigators and blockchain analysts have pointed to the Lazarus Group as the alleged perpetrator of that attack. KelpDAO has been working with law enforcement and tracing firms since the hack was discovered, though recovery of on-chain funds at this scale is historically rare.
Why the Denials Have Stopped Mattering
The crypto security community has largely stopped treating North Korean denials as informative. The forensic tools have gotten too good and the on-chain evidence too granular. Every time a significant hack occurs and funds move through a recognized Lazarus wallet cluster - via mixing protocols, chain-hopping, or over-the-counter desks that specialize in moving sanctioned assets - the trail gets longer and more detailed, regardless of what Pyongyang says publicly.
The more important question isn't whether North Korea did it. It's why crypto remains such an attractive target despite years of international attention. The answer is structural: private keys are not seizable through legal process the way bank accounts are. As long as Pyongyang's operatives maintain custody of those keys, conventional sanctions frameworks cannot claw the money back.
The denial is theater. The $577 million is real.
---------------
Author: Seta Tsuruki
Asia Newsroom
No comments
Post a Comment