South Korea Blacklists North Korean Crypto Thieves, Flags Wallet Addresses

The South Korean government has blacklisted four North Korean individuals and seven institutions that allegedly financed "nuclear and missile development" with illegal cyber activities, including crypto theft.

"This is the first independent sanctions against North Korea in the cyber sector by the South Korean government," a Ministry of Foreign Affairs notice from Friday said. "It is expected that it will serve as an opportunity to alert the world to the risk of virtual asset trading with North Korea by including the virtual asset wallet address as the identification information of the subject of sanctions."

Crypto theft in North Korea hit a record high in 2022. A pair of North Korean hacker groups also orchestrated the theft of $100 million in crypto from Horizon Bridge, the U.S. Federal Bureau of Investigation said in January. A U.S. blacklisted Ethereum wallet allegedly tied to elite North Korean hacker group Lazarus was also involved in a $600 million hack last March.

The South Korean sanctions targeted individuals with suspected ties to Lazarus. The individuals named include Park Jin-hyeok of the Chosun Expo joint venture company, which is an alleged front for Lazarus.

The seven institutions targeted for sanctions allegedly participated in cyberattacks "such as hacking and theft of virtual assets" or training cyber experts, the notice said.

Under regulations, it's forbidden to trade crypto with a blacklisted entity without prior permission from South Korea's Financial Services Commission, the notice added. Crypto transactions are included in the country's regulations prohibiting the financing of terrorism.

Read more: North Korea Crypto Theft Hit Record High Last Year, UN Says: Reuters