You are here: Home » Reuters » News
Business Standard

Cryptocurrency may be getting quietly channelled to North Korea university: report

Reuters  |  SEOUL 

By Lee

SEOUL (Reuters) - A cybersecurity company said it has found software that appears to install code for mining and sends any mined coins to a server at a North Korean university, the latest sign that may be searching for new ways to infuse its economy with

The application, which was created on Dec. 24, uses host computers to mine a called Monero. It then sends any coins to Kim in Pyongyang, said cybersecurity firm AlienVault, which examined the program.

"Crypto-currencies may provide a financial lifeline to a country hit hard by sanctions, and as a result universities in have shown a clear interest in cryptocurrencies," the California-based security firm said in a release, adding that the software "may be the most of their endeavours."

The company added a caveat that a North Korean server used in the code does not appear to be connected to the wider internet, which could mean its inclusion is meant to trick observers into making a North Korean connection. Kim Il Sung University, however, plays host to foreign students and lecturers, not just North Koreans.

Kim did not immediately respond to requests for comment. Government officials representing at the were not immediately available for comment.

Others have flagged increasing signs of North Korean interest in

"With economic sanctions in place, cryptocurrencies are currently the best way to earn foreign currency in North Korea's situation. It is hard to trace and can be laundered several times," said Mun Chong-hyun, at South Korean cybersecurity firm

watchers say technical details of Monero, the 13th-largest crypto asset in the world, according to, with a total value of more than $7 billion, make it more appealing than bitcoin to those who value secrecy.

Monero funds go to an unlinkable, one-time address generated with random numbers every time a payment is issued. That makes it less traceable than bitcoin, where transactions can be linked to specific, albeit anonymous, private addresses, cybersecurity experts said.

South Korea-based Bithumb, the world's busiest exchange, is also the largest Monero trading exchange in the world, with about 24 percent of trading volume. The next largest were Europe-based exchange HitBTC and Hong Kong-based Bitfinex, as of Monday.

Cybersecurity firm cited in a November blog post a series of North Korean activities against South Korean targets such as exchanges. wrote that "it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise."

In early November, Federico Tenga, the Italian of Chainside, posted on his account pictures and comments on his visit to lecture on at the University of Science and Technology.

"The lectures were at a quite basic level to give a general understanding of blockchain technologies, which are also very relevant to trade, supply chains and other e-business," a for the university said.

"We believe this teaching can give the next generation of North Korean professionals additional concepts that may be valuable as they seek to develop their country," the added. "We're acutely aware of issues around sanctions, which we keep under regular review and take care to avoid any sensitive or proscribed areas."

Tenga said his lectures were geared toward explaining the of cryptocurrencies.

"The focus of the lectures was to make the students understand what the blockchain is, how it works (special focus on proof of work) and what are the main use cases. My aim was simply to spread technical knowledge, not suggesting them how to use it," Tenga told in a series of messages.

AlienVault's report said one North Korean IP address,, has been active on bitcoin trading sites. That is the same address used to control in 2014-15 cyberattacks on South Korean energy, traffic, telecommunications, broadcasting, financial and political institutions, according to security firm .

The report also observed that North Korean IP addresses have downloaded several episodes of the automotive TV series and documentaries by the show's former presenter James May.

(Reporting by Lee; Additional reporting by Haejin Choi and Marius Zaharia; Editing by Gerry Doyle)

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Mon, January 08 2018. 20:12 IST