Stolen billions fund Pyongyang’s nuclear ambitions, experts warn
G7 leaders are expected to address North Korea’s intensifying cyberattacks and cryptocurrency heists at their upcoming summit in Canada, as concerns grow over the regime’s use of digital theft to finance its sanctioned operations.
Sources familiar with the summit plans, speaking on condition of anonymity due to the sensitive nature of the discussions, say North Korea’s increasingly sophisticated hacking campaigns have alarmed Western governments. The summit, scheduled to be held in Alberta in mid-June, will primarily focus on the ongoing wars in Ukraine and the Middle East, as well as trade tensions involving the United States and several G7 partners. However, North Korea’s expanding cyber operations are now likely to appear on the agenda.
The concern is rooted in the hermit kingdom’s ability to deploy a state-sponsored army of hackers that has infiltrated global systems, demanding ransoms and siphoning billions in cryptocurrency. These illicit gains have become a vital source of revenue for Pyongyang, helping it circumvent sanctions and fund programs such as its nuclear weapons development, authorities say.
Earlier this year, a massive US$1.5 billion was stolen from the digital asset exchange Bybit in a single cyberattack linked to North Korea. This came on the heels of a reported US$1.34 billion stolen from cryptocurrency firms across 47 incidents in 2024, according to blockchain analytics firm Chainalysis. That figure nearly doubled the US$661 million stolen across 20 incidents the previous year.
North Korea’s cyber arsenal includes ransomware attacks and direct theft from digital asset platforms, but perhaps most troubling is its covert placement of IT workers in foreign companies. These individuals, often based in China and Russia, assume false identities to gain employment, generating revenue that flows back to the regime.
In one recent case, crypto exchange Kraken revealed it had thwarted a North Korean hacker who applied for an engineering role. Kraken’s security team uncovered a broader scheme in which a single operative had created multiple identities to seek employment.
“North Korea has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers to generate revenue for the regime,” the U.S. Justice Department said.
These covert operations rely heavily on deception, including fake email and social media accounts, forged resumes, and the use of proxy servers and unsuspecting intermediaries. According to officials, such schemes have grown in scale and complexity, underscoring the need for international coordination to shut them down.
Mounting unease over Pyongyang’s cyber capabilities also coincides with its increasing military cooperation with Russia. Both nations recently confirmed that North Korean troops were fighting alongside Russian forces in the Kursk region, following earlier denials.
As G7 nations prepare to meet in June, the spotlight may now shift toward how global powers can unite to counter a new and stealthier form of threat — one waged not on battlefields, but behind computer screens.