Weapons Funding Calculator
How Stolen Crypto Funds Weapons
Based on U.S. intelligence and UN reports: North Korea has stolen over $3 billion in cryptocurrency since 2017 to fund its nuclear weapons program and missile development.
North Korea doesn’t need oil exports or foreign investment to pay for its nuclear weapons. Instead, it’s hacking your crypto wallet.
Since 2017, the regime has stolen more than $3 billion in cryptocurrency - not through brute force, but by tricking people, infiltrating companies, and exploiting the wild west of digital finance. These aren’t random cybercriminals. They’re state-sponsored hackers working under Pyongyang’s direct command, turning stolen Bitcoin and Ethereum into missiles, warheads, and submarines.
How the Heists Work
North Korea doesn’t mine crypto like a hobbyist with a GPU in their basement. They don’t run fake ICOs to raise money - there’s only one known case of that, and it failed. Their real weapon is cryptojacking - sneaking into crypto exchanges, DeFi platforms, and private wallets to steal funds outright.
These aren’t simple phishing emails. These are years-long operations. Hackers pose as Canadian IT contractors, Japanese blockchain developers, or U.S.-based freelancers. They send fake resumes, do video interviews, and get hired by crypto firms. Once inside, they plant malware, steal private keys, or manipulate internal systems to drain wallets. The FBI has tracked specific movements of stolen Bitcoin linked to the Lazarus Group - North Korea’s main hacking unit - moving over 1,580 BTC from multiple heists.
One of the biggest recent targets was Bybit, a major crypto exchange. Hackers pulled out hundreds of millions in a single attack. That’s not an anomaly. It’s the business model.
The Money Laundry
Stealing crypto is only half the job. The real trick is turning it into cash without getting caught.
That’s where crypto mixers come in. These are services that take your stolen Bitcoin, mix it with thousands of other transactions, and spit out clean coins from different addresses. It’s like pouring red paint into a giant bucket of white paint - suddenly, your red is gone. North Korea uses these mixers to erase the trail. Then, they convert the mixed crypto into stablecoins like USDT or USDC, which are easier to move across borders. From there, it flows into offshore exchanges, peer-to-peer trades, or even physical cash via intermediaries in Southeast Asia and Africa.
The result? No bank records. No wire transfers. No paper trail. Just digital cash that funds nuclear tests.
Why It’s So Hard to Stop
Traditional sanctions don’t work here. You can freeze a bank account. You can block a shipping port. But you can’t shut down a blockchain.
Cryptocurrency operates without banks, without regulators, and without borders. North Korea exploits that. While Western financial systems are locked down with KYC and AML rules, crypto platforms - especially smaller ones - still have weak controls. Hackers target those gaps. A single unsecured API key or an employee who clicked a phishing link can cost millions.
Even when authorities track stolen coins, they can’t always seize them. Bitcoin wallets are controlled by private keys - if you don’t have the key, you don’t have access. The FBI has identified six wallet addresses holding over $40 million in stolen Bitcoin, but unless someone with the key moves the funds, the money stays frozen - and still usable by the regime.
Who’s Behind It
The Lazarus Group, also known as APT38, is North Korea’s cyberwarfare arm. It’s not a loose collection of hackers. It’s a structured unit under the Reconnaissance General Bureau, the country’s main intelligence agency. These teams have specialized roles: some focus on social engineering, others on blockchain analysis, others on laundering.
They’ve been operating since at least 2017, and their skill level has only grown. They’ve hacked South Korean defense contractors, U.S. crypto firms, and even blockchain projects in Europe. In 2024, the U.S. Justice Department charged nine individuals tied to these operations. Many of them are believed to be living abroad - in China, Malaysia, Russia - working remotely under fake identities.
There are likely thousands of North Korean-affiliated hackers spread across the globe. Some work in state-run cyber labs. Others are freelancers paid in Bitcoin. The regime doesn’t need to recruit them - it just needs to pay them.
What This Money Buys
Every stolen Bitcoin doesn’t just sit in a vault. It gets converted into weapons.
UN investigators have confirmed that North Korea uses crypto proceeds to fund its nuclear weapons program, long-range missiles, and chemical weapons development. That includes buying raw materials like uranium and graphite from black-market suppliers, paying scientists and engineers, and testing new warhead designs.
Without this cash flow, the regime would struggle to maintain its military ambitions. Sanctions have crushed its export economy. Oil imports are limited. Foreign aid is cut. But crypto theft? That’s a renewable resource. As long as there are vulnerable crypto platforms, there’s money to steal.
How the World Is Responding
The U.S. has responded with rewards - up to $15 million for information leading to the disruption of these operations. The FBI tracks wallet movements in real time. The Treasury Department has sanctioned crypto mixers linked to North Korea. South Korea, Japan, and the U.S. formed a trilateral task force in late 2023 to share intelligence and coordinate cyber defenses.
But progress is slow. Most crypto platforms still don’t have real-time anomaly detection. Many don’t monitor for known North Korean wallet addresses. Even when they do, enforcement is patchy.
Senators like Elizabeth Warren and Jack Reed have pushed the Treasury and DOJ to act faster, warning that every day without stronger defenses is another day North Korea buys another missile.
What You Can Do
If you’re a regular crypto user, you’re not the target - but you’re part of the ecosystem that makes these attacks possible.
- Use hardware wallets. Never store large amounts of crypto on exchanges or hot wallets.
- Enable multi-signature (multi-sig) on any wallet holding significant value.
- Verify every email, job offer, or support request. North Korean hackers are great at impersonation.
- If you run a crypto company: audit your APIs, monitor for unusual withdrawals, and blacklist known North Korean wallet addresses.
It’s not about paranoia. It’s about recognizing that your security practices help or hurt global stability.
The Bigger Picture
This isn’t just a crypto problem. It’s a national security crisis disguised as a tech issue.
North Korea is proving that in the digital age, you don’t need a navy to threaten the world. You just need a laptop, a network of hackers, and a blockchain that doesn’t ask too many questions.
As long as crypto remains unregulated in key areas, Pyongyang will keep stealing. And as long as stolen funds keep flowing, the threat of nuclear escalation won’t fade - it will grow.
How much money has North Korea stolen from cryptocurrency?
Between 2017 and 2023, North Korea is estimated to have stolen over $3 billion in cryptocurrency, according to United Nations reports and U.S. intelligence assessments. These thefts are primarily carried out by state-sponsored hacking groups like Lazarus Group, targeting exchanges, DeFi protocols, and private wallets.
Who is behind the crypto thefts?
The Lazarus Group (also known as APT38) is the main hacking unit responsible. It operates under North Korea’s Reconnaissance General Bureau, the country’s primary intelligence agency. These hackers are not lone actors - they’re organized, trained, and funded by the state, with teams specializing in social engineering, blockchain analysis, and money laundering.
How do they hide the stolen money?
They use crypto mixers - services that pool stolen coins with others to obscure their origin. After mixing, the funds are converted into stablecoins like USDT, moved through offshore exchanges, and eventually cashed out via peer-to-peer trades or intermediaries in countries with weak oversight. This process makes tracing the money nearly impossible.
Can the U.S. or UN stop these thefts?
They can disrupt them, but not stop them entirely. The U.S. has sanctioned crypto mixers, tracked stolen wallets, and offered $15 million rewards for information. South Korea, Japan, and the U.S. now share intelligence through a trilateral task force. But because crypto operates outside traditional banking, regulators can’t freeze accounts or block transfers like they can with banks.
What does the stolen money pay for?
The funds directly support North Korea’s weapons of mass destruction programs - including nuclear warheads, ballistic missiles, and chemical weapons. Money is used to buy raw materials, pay scientists, fund testing facilities, and maintain infrastructure. Without crypto theft, the regime would struggle to sustain its military ambitions under international sanctions.
Eddy Lust
November 27 2025im just stunned that we’re letting a regime with nukes fund them with crypto like it’s a side hustle. like, we have the tech to track this stuff, but we’re still acting like it’s 2015 and ‘blockchain is just a buzzword.’