May 09, 2022

Pyongyang Pays South Korean Citizens in Crypto to Sell Military Secrets

By: Jason Bartlett

Seoul recently arrested two South Korean citizens, a 38-year-old cryptocurrency exchange operator (Lee) and a 29-year-old army captain, on charges of espionage related to selling military secrets to Pyongyang. According to reports, a North Korean operative met Lee through an undisclosed online cryptocurrency forum in 2016 and offered him cryptocurrency in exchange for his assistance with ongoing clandestine operations. South Korean media also claims that the two communicated through the private messaging app Telegram. While such features are not inherently bad, criminals have consistently used end-to-end message encryption features and other privacy protocols specific to applications like Telegram to coordinate, propagate, and monetize illicit activity.

The Korean National Policy Agency stated that the North Korean operative paid Lee roughly $600,000 and the army captain about $38,800 in cryptocurrency for their participation. Since Lee has been in contact with the operative since 2016, there are serious concerns over his participation in other incidents of attempted, or successful, espionage against Seoul. Although Pyongyang has a documented history of recruiting South Korean citizens for espionage through coercion and seduction, this is the first known public case of North Korea paying foreign agents in cryptocurrency to commit espionage and an active-duty military captain collaborating with a North Korean hacker.

Cryptocurrency is not only a financial asset to steal and launder, but also a lucrative tool to help fund global espionage and recruit foreign agents.

Interestingly, one of the operations tasked to Lee involved recruiting the active-duty South Korean military captain. When recruited, the captain provided Pyongyang with log-in credentials necessary to access the Korean Joint Command and Control System (KJCCS), which the South Korean Joint Chiefs of Staff use to assess C4I (command, control, communications, computer, and intelligence) capabilities during military drills, training, and operations. Through Telegram, the North Korean operative also ordered Lee to send spycam equipment to the captain in order to photograph items and information of interest to Pyongyang. The equipment included a wristwatch fitted with a secret camera and USBs loaded with “poison tabs,” a hacking tool that allows one to compromise a computer through its USB port for various purposes, such as stealing information, gaining unauthorized control of the device, and more.

Read the full article from The Diplomat.

More from CNAS

  • Commentary
    • The Atlantic
    • February 24, 2025
    How America Wasted Its Most Powerful Economic Weapon

    As Donald Trump embarks on his much-anticipated peace negotiations, they will provide important leverage—Putin will be desperate to recover them, while Ukrainian President Vol...

    By Edward Fishman

  • Podcast
    • February 19, 2025
    Edward Fishman on the Age of Economic Warfare

    In the latest episode of the Sanctions Space Podcast, Justine is joined by Edward Fishman, author of Chokepoints: American Power in the Age of Economic Warfare and an adjunct ...

    By Edward Fishman

  • Podcast
    • February 19, 2025
    What Have U.S. Sanctions on Russia Achieved Since the War in Ukraine Began?

    Three years after Russia's full-scale invasion of Ukraine began, what have U.S. sanctions achieved? NPR talks to Edward Fishman, author of "Chokepoints: American Power in the ...

    By Edward Fishman

  • Video
    • February 17, 2025
    Ziemba: Sanctions Enforcement on Russia To Ease Up

    Rachel Ziemba, an Adjunct Senior Fellow at the Center for a New American Security (CNAS), speaks with Bloomberg TV’s Joumanna Bercetche on the Horizons Middle East and Africa ...

    By Rachel Ziemba

View All Reports View All Articles & Multimedia