DeFi Hacks and North Korea – an Inconvenient Truth

  • North Korean hacking groups have targeted DeFi platforms in recent years, stealing close to a billion dollars
  • This money is going directly toward North Korea’s weapons program
  • With missiles now capable of reaching New York, protocol developers need to think much bigger in terms of security

The link between North Korean hacking groups such as Lazarus and multi-million dollar cryptocurrency hacks has been known for over five years, and the proceeds have directly funded the rogue state's ability to build and test intercontinental ballistic missiles. The accusation that cryptocurrencies are only used by criminals is now laughably out of date, but the argument that sloppy security practices are letting state-sponsored hackers target DeFi protocols directly, and fund the warmongering ambitions of a narcissistic madman in the process, holds up.

As March’s Ronin hack showed, it is time that developers and DeFi project leaders took responsibility for the code and projects they create and massively upgraded their security; otherwise the cost will be far more than the freedom and privacy of the DeFi space.

North Korean Hackers Indulging in Low Hanging Fruit

North Korea has been hacking cryptocurrency entities for over five years, starting with exchanges in 2016. Many of those exchanges had poor security, little expecting the likes of Lazarus to come knocking at their door (or, rather, breaking in through the garage), but the surge in the popularity of crypto in 2016-17 left them looking after billions of dollars in user funds.

The poor security led to them getting hacked left, right and center, with Lazarus a principal group behind the attacks and funds pouring into North Korea as a result. As the space has developed, exchanges have in general tightened their security practices, while some smaller ones have gone out of business.

As a result, centralized exchanges are no longer such easy targets. Luckily for the hackers, the DeFi movement has presented them with another herd of sacrificial lambs, with the result that hundreds of millions of dollars have been stolen from DeFi protocols and funneled into North Korea, directly funding a missile program that now even threatens New York.

Ronin Hack Fallout Encapsulates Small-time Mentality

As with unregulated exchanges, DeFi protocols have no set security standards: a group of college mates can come together, raise some funds, hire some developers and create a DeFi product without giving a first thought to security. Within a few months they can have hundreds of millions of dollars bound up in their project, which piques the interest of one of the world’s elite hacking groups, and soon North Korea has a new intercontinental ballistic missile.

Those that are taking security seriously, which to be fair is many of them, still fall far short of what they could do to protect their funds, even though the stakes are ludicrously high. Take the case of the Ronin hack, which saw Lazarus steal $540 million from the bridge. A month after the breach, which wasn’t spotted for six days, Ronin’s owner, Sky Mavis, came out with a raft of security improvements. These included an increase in the number of blockchain validators from 9 to (eventually) 100, combing through every area of its security and upgrading where necessary, re-training staff on how to avoid such attacks, and multiple other measures, all with the aim of creating “the gold standard when it comes to security.”

This is laudable, but the question is why they weren’t doing this before. If 9 validators is now considered insubstantial, and compared to 100 it most certainly is, then why wasn’t 100 the original goal? And the number is only half of it: the bridge released funds on five of nine validator signatures, and the attacker reached five because four of the validators were run by Sky Mavis itself and a fifth, the Axie DAO’s, had its signing delegated to Sky Mavis infrastructure through an allowlist that was never revoked. More validators only help if the keys are held by operators who cannot all be compromised at once. Why were these other measures not considered before the breach, knowing that the likes of Lazarus are looking for exactly this kind of project to break into? Why are staff not on monthly security refresher courses, with updates on what to look out for? This shows a severe lack of worst-case planning from the Ronin team, who will have to live with the knowledge that their small-scale thinking has sent some half a billion dollars into creating even more devastating missiles that North Korea could one day use against the world.
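To make the validator-count argument concrete, here is an added example (not code from the original article, nor from Sky Mavis or Ronin) that models a threshold-signed bridge and computes how many independent operators an attacker must compromise before the signing threshold is reached. The 5-of-9 set is a simplified model of the Ronin configuration as reported after the hack; the other two sets, and every operator name apart from Sky Mavis, are constructed for the illustration.

```python
"""Added example: how many independent operators must be compromised to
forge a threshold-signed bridge withdrawal?

The raw validator count (9, 21, 100) says little on its own. What matters
is how many separate key holders an attacker has to compromise before the
signature threshold is reached. All validator sets below are constructed
for this illustration.
"""

from collections import Counter
from typing import Dict, List


def min_operators_to_forge(validators: Dict[str, str], threshold: int) -> List[str]:
    """Smallest set of operators whose keys together reach the threshold.

    ``validators`` maps a validator id to the operator that actually
    controls its signing key (not the nominal owner: a delegated key
    counts for whoever can use it). Taking operators in descending
    key-count order is optimal for reaching a plain signature count.
    """
    if threshold < 1 or threshold > len(validators):
        raise ValueError("threshold must be between 1 and the validator count")
    keys_per_operator = Counter(validators.values())
    chosen: List[str] = []
    signatures = 0
    for operator, count in keys_per_operator.most_common():
        if signatures >= threshold:
            break
        chosen.append(operator)
        signatures += count
    return chosen


def is_single_point_of_failure(validators: Dict[str, str], threshold: int) -> bool:
    """True if compromising one operator is enough to forge withdrawals."""
    return len(min_operators_to_forge(validators, threshold)) == 1


# Simplified model of the 5-of-9 Ronin configuration described in the
# text: four validators run by Sky Mavis, an Axie DAO validator whose
# signing had been delegated to Sky Mavis infrastructure (the allowlist
# that was never revoked), and four validators run by other parties.
# Operator names other than Sky Mavis are placeholders.
RONIN_LIKE: Dict[str, str] = {f"sky-mavis-{i}": "sky_mavis" for i in range(1, 5)}
RONIN_LIKE["axie-dao"] = "sky_mavis"  # delegated key: usable by Sky Mavis
RONIN_LIKE.update({f"partner-{i}": f"partner_{i}" for i in range(1, 5)})
RONIN_THRESHOLD = 5

# Hypothetical: 100 validators and a 51-of-100 threshold, but one
# operator runs 51 of them. Bigger, and no better.
BIG_BUT_CENTRALISED: Dict[str, str] = {f"v{i}": "mega_operator" for i in range(51)}
BIG_BUT_CENTRALISED.update({f"v{i}": f"operator_{i}" for i in range(51, 100)})
BIG_THRESHOLD = 51

# Hypothetical: the same 5-of-9 threshold, but nine independent key holders.
DIVERSIFIED: Dict[str, str] = {f"v{i}": f"independent_{i}" for i in range(9)}
DIVERSIFIED_THRESHOLD = 5


def report(name: str, validators: Dict[str, str], threshold: int) -> str:
    """One-line summary of how many operators an attacker needs."""
    needed = min_operators_to_forge(validators, threshold)
    return (f"{name}: {threshold}-of-{len(validators)}, "
            f"{len(needed)} operator(s) to compromise: {', '.join(needed)}")


if __name__ == "__main__":
    print(report("ronin-like", RONIN_LIKE, RONIN_THRESHOLD))
    print(report("big-but-centralised", BIG_BUT_CENTRALISED, BIG_THRESHOLD))
    print(report("diversified", DIVERSIFIED, DIVERSIFIED_THRESHOLD))
```

Run it and the 100-validator set comes out no better than the 9-validator one, because a single operator holds 51 keys, while the 9-validator set with nine independent holders needs five separate compromises. That operator count is the figure a project should be tracking, together with the threshold itself and whether any allowlist or delegation lets one party sign with another's key.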

Decentralization Leaves Security in the Individuals’ Hands

Of course, the issue isn’t Ronin’s alone, but it is the most glaring example, and it is a guarantee that there are DeFi protocols out there that, like Sky Mavis, simply don’t know that their security is insubstantial. There is no handbook to turn to, no DeFi Security for Dummies; each set of product creators and developers is just guessing at what best practice might be.

Unfortunately, this has a direct impact on the potential safety of millions of people between Pyongyang and New York. North Korea’s missile development is being funded directly by cryptocurrency hacks, and it still doesn’t seem that creators and developers are taking it seriously enough. Companies like CertiK can audit smart contracts to make sure the code is up to scratch, but CertiK-audited protocols are hacked anyway: an audit covers the contract code, not how validator or admin keys are stored and who is able to use them, and the Ronin funds left the bridge under valid validator signatures rather than through a contract bug.

If we can’t have an official body that oversees all DeFi protocols (which, obviously, we can’t), then there should at least be a handbook for DeFi protocol creators and developers to follow to ensure that their protocols are protected as strongly as possible from hackers. And if that’s not possible, then those in positions of power in these projects need to think creatively when it comes to security. They should use the Ronin hack as a barometer for their own measures: Sky Mavis thought that 9 validators would be enough to keep hackers at bay, and now, post-hack, they’re aiming for 100. That fact should have every DeFi protocol creator sitting up and taking notice, and then taking action.

Freedom of DeFi Is on the Line

This issue is becoming so important that it bears repeating. North Korea funds elite hacking groups that are picking off DeFi protocols like apples off a tree in autumn, stealing hundreds of millions of dollars and using it to make weapons of mass destruction. The cryptocurrency space simply cannot allow events the scale of the Ronin hack to continue, or there will be a crackdown on the crypto and DeFi space the likes of which we can’t even imagine yet.

We can’t complain that the likes of the EU parliament wants to deanonymize all cryptocurrency wallets if protocol developers are making products that are unintentionally funding terror.

We will only get one shot at ensuring that the crypto and DeFi spaces retain the levels of privacy we demand, and that comes at the cost of far tighter security. Protocol operators need to wake up to what has been happening with the likes of Lazarus and increase their efforts tenfold, or risk the lives of millions of people and see the space regulated out of existence.