📋

Key Facts

  • A South Korean crypto exchange employee was sentenced to four years in prison for attempting to sell military secrets to North Korea.
  • North Korean hackers paid the employee $487,000 in Bitcoin to recruit a 30-year-old army captain.
  • The staffer sent a watch-shaped hidden camera and a USB 'hacking device' to the captain.
  • The captain, surnamed Kim, was sentenced to 10 years in prison and fined $35,000.
  • Over the past three years, North Korea-affiliated cybercriminals have stolen more than $3 billion in digital assets.

Quick Summary

A South Korean crypto exchange employee has been sentenced to four years in prison for attempting to sell military secrets to North Korea in exchange for Bitcoin. The Supreme Court issued the ruling on December 28, also imposing a four-year ban on the employee from financial sector activities.

Court documents revealed that North Korean hackers paid the exchange staffer $487,000 in Bitcoin to recruit a 30-year-old army captain, who received $33,500 in Bitcoin in return. The staffer approached the officer through a Telegram chat, offering cryptocurrency for access to sensitive military data.

The staffer sent a watch-shaped hidden camera and a USB 'hacking device' to the captain under hacker instructions. These devices were intended to capture and transmit information from the Korean Joint Command and Control System. Military police intercepted the devices before any breach occurred. The captain, surnamed Kim, was sentenced to 10 years in prison and fined $35,000 for violating the Military Secrets Protection Act.

The Sentencing and The Crime

The Supreme Court ruled on December 28 that a former exchange employee must serve four years in prison for attempting to recruit a military officer to sell classified secrets to North Korea. The ruling also imposes a four-year ban on the employee from financial sector activities.

Court documents revealed that North Korean hackers paid the exchange staffer $487,000 in Bitcoin to recruit a 30-year-old army captain. The captain received $33,500 in Bitcoin in return, according to the South Korean media outlet Dailian.

The staffer approached the officer through a Telegram chat, offering cryptocurrency for access to sensitive military data. The staffer sent a watch-shaped hidden camera and a USB 'hacking device' to the captain under hacker instructions.

These devices were intended to capture and transmit information from the Korean Joint Command and Control System, a platform used to share intelligence between the U.S. and South Korea. Military police intercepted the devices before any breach occurred.

The judge addressed the severity of the crime, stating: "The defendant must have been aware that he was attempting to uncover military secrets for a country hostile to South Korea. This crime could have endangered the entire country and was committed for personal financial gain."

"The defendant must have been aware that he was attempting to uncover military secrets for a country hostile to South Korea. This crime could have endangered the entire country and was committed for personal financial gain."

— The Judge

The Captain's Role

The military officer involved, identified only by the surname Kim, was sentenced to 10 years in prison. He was also fined $35,000 for violating the Military Secrets Protection Act.

Kim was a 30-year-old army captain who accepted $33,500 in Bitcoin from the exchange employee. He agreed to provide access to the Korean Joint Command and Control System.

The exchange employee acted under instructions from North Korean hackers to facilitate the transfer of sensitive data. The plan was foiled when military police intercepted the surveillance devices sent to Captain Kim.

North Korea's Crypto Exploits 🌐

On November 4, the U.S. Treasury Department sanctioned eight individuals and two entities linked to North Korea’s cybercrime operations. The sanctions target the flow of cryptocurrency stolen by DPRK hackers.

Over the past three years, North Korea-affiliated cybercriminals have stolen more than $3 billion, primarily in digital assets. They use malware, ransomware, and social engineering to attack banks, exchanges, and other platforms. The Treasury stated that the funds help finance Pyongyang’s nuclear weapons and missile programs.

Among those sanctioned were bankers Jang Kuk Chol and Ho Jong Son, who managed over $5.3 million in cryptocurrency tied to ransomware attacks and DPRK IT workers abroad. The following entities were also targeted:

  • Korea Mangyongdae Computer Technology Corp.
  • President U Yong Su
  • Ryujong Credit Bank in Pyongyang
  • Five DPRK banking representatives in China and Russia

In September 2024, the FBI issued a warning that North Korean hackers were targeting U.S. cryptocurrency exchange-traded funds (ETFs) in an attempt to steal digital assets. According to the agency, the attackers are employing sophisticated social engineering techniques to infiltrate companies linked to these financial products.