The Group of Seven (G7) nations have issued a renewed call for collective action to combat North Korean cryptocurrency theft and broader cybercrime activities. In a statement adopted during the G7 summit held in Évian-les-Bains, France, the leaders expressed "deep concern" over North Korea’s nuclear and ballistic missile programs, which the United Nations and cybersecurity researchers have repeatedly linked to funding derived from crypto theft.

The G7 declaration broadens a warning issued after the June 2025 summit in Canada, where the group’s chair first called for members to jointly address "DPRK cryptocurrency thefts fueling” the country’s weapons programs. The latest statement expands the scope to include wider cybercrime, though it stops short of specifying concrete measures such as exchange screenings, targeted sanctions, or actions against mixing services commonly used to launder stolen crypto assets.

Escalating Threat from North Korean Hackers

North Korean hacking groups, often identified as Lazarus Group, BlueNoroff, and other state-sponsored entities, have become one of the most prolific threats in the cryptocurrency space. According to blockchain analytics firm Chainalysis, North Korean hackers stole at least $2 billion in cryptocurrency in 2025, bringing the total attributed to DPRK-affiliated actors to at least $6.75 billion since 2016. Notably, the hackers achieved these gains despite carrying out fewer confirmed attacks, by embedding information technology workers inside crypto companies or impersonating recruiters and investors to gain access to internal systems.

In 2025, high-profile exploits include the roughly $285 million Drift Protocol breach in April and the $36 million Humanity Protocol breach in June. Both incidents are suspected to have been carried out by North Korean actors, further highlighting the sophistication and scale of these operations.

Industry Reports and Warnings

A May 2025 report from cybersecurity firm CrowdStrike described North Korean actors as the largest threat group targeting crypto users by value stolen. The report noted that campaigns prioritized high-value targets, with proceeds "almost certainly laundered to fund the regime’s military programs." These findings align with earlier assessments from Chainalysis and other firms, which have documented the evolution of North Korean hacking tactics over the past decade.

North Korea has consistently denied allegations of cyber theft. In a May 2025 statement published by state news agency KCNA, a Foreign Ministry spokesperson accused the United States of spreading false information and described claims of a North Korean cyber threat as politically motivated "slander." Despite these denials, the G7 and Western intelligence agencies continue to view state-sponsored hacking as a critical source of revenue for Pyongyang, especially given international sanctions that restrict traditional trade.

Historical Context and UN Sanctions

The United Nations Panel of Experts on North Korea has documented multiple instances of cyber-enabled theft, including the 2017 WannaCry ransomware attack and the 2016 Bangladesh Bank heist, both of which were linked to Lazarus Group. In recent years, the focus has shifted overwhelmingly to cryptocurrency exchanges and DeFi protocols, which offer lucrative targets with relatively low risk of detection. The UN estimates that North Korea has stolen between $1.7 billion and $2 billion in crypto assets from 2020 to 2024 alone, funding approximately 15 to 20 percent of its weapons programs.

The G7’s renewed call underscores the growing awareness that crypto-related crime is not merely a financial issue but a direct threat to international security. The statement also highlights the need for enhanced regulatory frameworks, cross-border cooperation among law enforcement agencies, and better information sharing between public and private sectors.

Industry Response and Technological Challenges

Cryptocurrency exchanges and blockchain security firms have stepped up efforts to trace and freeze assets linked to North Korean hackers. Services like Chainalysis, TRM Labs, and Elliptic provide real-time tracking tools that have helped recover millions of dollars in stolen funds. However, the use of mixing services, privacy coins like Monero, and decentralized exchanges continues to pose significant challenges. The G7’s reluctance to explicitly target these technologies in their latest statement may reflect the complexity of regulating a global, borderless financial system.

Another key issue is the infiltration of North Korean IT workers into legitimate crypto companies. By using false identities and remote work arrangements, these operatives gain access to internal systems, enabling sophisticated social engineering attacks. The Crypto Council for Innovation has called for stronger KYC (Know Your Customer) procedures and background checks for remote hires, but implementation remains uneven across jurisdictions.

As the G7 looks toward future summits, the group may need to adopt more concrete measures, such as coordinated sanctions on mixing services, mandatory exchange reporting of suspicious transactions, and joint law enforcement operations. The current statement represents a step forward in acknowledging the severity of the threat, but without actionable commitments, the flow of illicit funds may continue to fuel North Korea’s weapons ambitions.

Source:Cointelegraph News