North Korea has financed around half its foreign currency income and 40% of its weapons of mass destruction programs through malicious cyberattacks, according to a United Nations panel of experts report released Wednesday.
The report from the U.N. Security Council sanctions committee investigating North Korea said Pyongyang is suspected of carrying out 58 cyberattacks on cryptocurrency firms from 2017 through 2023, valued at roughly $3 billion. Seventeen cryptocurrency heists in 2023 alone, potentially tied to North Korea, are valued at over $750 million, the report said.
"The malicious cyberactivities of [North Korea] generate approximately 50% of its foreign currency income and are used to fund its weapons programs," the panel said, citing one U.N. member state. A second country reported 40% of Pyongyang's WMD funding comes from illicit cybermeans, it added.
One cybersecurity firm branded North Korea "the world's most prolific cyber-thief," according to the report.
Despite violating U.N. sanctions, North Korea has tripled down on developing nuclear weapons, producing fissile materials and seemingly operating its light water reactor at Yongbyon, the panel said. Activities also continued at Punggye-ri, North Korea's nuclear test site.
The head of the International Atomic Energy Agency, Rafael Grossi, said in November there were signs the light water reactor had been commissioned based on cooling water discharge, potentially allowing production of more plutonium for nuclear bombs.
North Korea has also advanced ballistic missile capabilities like reliability, maneuverability and mobile launchers, the panel assessed, and may have a ballistic missile submarine.
The report underscores how crippling economic sanctions have failed to deter North Korean leader Kim Jong Un from pursuing nuclear weapons and generating funds through cybercrime.