How North Korea Trained World-Class Hackers to Steal Cryptocurrency Again, This Time $1.5 Billion
TechFlow Selected TechFlow Selected
How North Korea Trained World-Class Hackers to Steal Cryptocurrency Again, This Time $1.5 Billion
In this new era where keyboards replace missiles, the keystrokes of young hackers will become the sword of Damocles hanging over cryptocurrency.
Navigating Web3 tides with focused insightsOn February 21, the cryptocurrency exchange Bybit suffered a $1.5 billion hack, once again thrusting the North Korean hacking group Lazarus Group into the spotlight.
In recent years, this organization has repeatedly succeeded in high-profile attacks—from the KuCoin exchange breach to the Ronin cross-chain bridge heist, and even the hacking of the Defiance Capital founder's personal wallet—the masterminds behind these incidents were all traced back to this mysterious hacking group.
You might wonder, how has one of the world’s most isolated nations managed to cultivate such formidable power in the digital battlefield?
In traditional military domains, North Korea cannot match the U.S.-South Korea alliance, but cyber warfare offers it a strategic lever for achieving "great results with minimal effort."
Since the 1980s, the North Korean government has invested heavily in hacker training under an internal program codenamed "Secret War."
Jang Se-yul, a North Korean who defected to South Korea in 2007, previously studied at Mirim University (now known as the University of Automation), one of North Korea’s top engineering schools. During his university years, Jang took courses offered by Bureau 121 alongside other hackers.
After graduation, Jang joined North Korea’s Reconnaissance General Bureau, under which Bureau 121 operates as an elite espionage unit. It was then that he began interacting closely with Bureau 121’s top hackers.
In a later interview with Business Insider, Jang Se-yul stated that compared to North Korea’s nuclear threats, its cyber threats are more practical and far more dangerous. He said: “This is a silent war. The battle begins without firing a single shot.”
The question remains: how can such a poor and resource-starved nation invest so heavily in cyber warfare?
Jang Se-yul’s answer is: because training a hacker is extremely cheap.
Generally, North Korean society is divided into three main classes—core class (basic masses), wavering class (complex masses), and hostile class remnants (former landlords, rich peasants, etc.)—further subdivided into 56 distinct strata. These classifications are recorded in household registers and used during official appointments.
An Chan-il, director of the World Institute for North Korea Studies, noted that historically, becoming a hacker in North Korea required favorable family background, as any drop in loyalty to the party could threaten the regime.
However, after comprehensive international sanctions cut off North Korea’s legitimate foreign currency earnings, the country turned to illegal means—cyberattacks—to generate revenue.
This opened special pathways for cyber talent, allowing exceptional individuals to rise regardless of origin.
Jang’s alma mater—the University of Automation—is the core base for training North Korean hackers. He said, “Each class admits only 100 students, but there are up to 5,000 applicants.”
This could be seen as a supercharged version of college entrance exams. Once selected and trained as hackers, they join North Korea’s top 1%, though the journey is exceptionally grueling.
Before deployment, these young hackers undergo nearly nine years of rigorous training, starting as early as age 17.
At school, they attend six 90-minute classes daily, studying various programming languages and operating systems. They spend extensive time analyzing software like Microsoft Windows, researching ways to penetrate computer information systems in adversarial countries such as the U.S. and South Korea.
Additionally, their core mission is to develop original hacking tools and computer viruses, rather than relying on existing foreign programs.
In Jang’s view, North Korean hackers’ technical skills are on par with top programmers at Google or the CIA—and possibly even superior.
From day one of their education, these “hacker youths” are assigned missions and grouped according to target regions—such as the United States, South Korea, or Japan. Once assigned to a specific “country team,” they spend nearly two years infiltrating that nation, learning its language and culture thoroughly, ensuring they remain undetected not just technically, but socially as well.
Jang mentioned that one of his friends worked for an overseas division of Bureau 121 while posing as an employee of a North Korean trading company. No one knew his true identity, and the company operated legitimate business activities.
Due to the unique nature of cyber warfare, these young hackers have unrestricted internet access, enabling them to stay updated on global developments. They are fully aware their country is highly “closed and conservative,” yet this does not weaken their patriotism or loyalty to their leader.
“Even if someone forcibly tried to persuade them, or offered them jobs at the South Korean presidential office, they would never betray their country,” Jang stated.
Of course, becoming a hacker also brings wealth and privilege.
A young hacker’s monthly salary can reach $2,000—double that of a North Korean ambassador abroad. In addition, they receive luxury apartments in central Pyongyang exceeding 185 square meters and can relocate their families to the capital—extremely attractive incentives by any standard.
In this new era where keyboards replace missiles, the keystrokes of young hackers will become the Damocles sword hanging over cryptocurrencies.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
