How did North Korea cultivate world-class hackers to steal $1.5 billion in cryptocurrency again?

On February 21, the cryptocurrency exchange Bybit suffered a $1.5 billion hacking incident, once again bringing the North Korean hacker group Lazarus Group into the spotlight.

In recent years, this organization has repeatedly succeeded, from the theft at KuCoin exchange to the hack of the Ronin cross-chain bridge, and even the personal wallet of the founder of Defiance Capital was compromised, all orchestrated by this mysterious hacking group.

You might be curious how North Korea, as one of the most closed countries in the world, has cultivated such astonishing power on the digital battlefield.

In traditional military fields, North Korea struggles to compete with the US-South Korea alliance, but cyber warfare provides it with a strategic leverage of "using a small force to achieve a great effect."

Since the 1980s, the North Korean government has expended significant effort on hacker training, internally codenamed "Secret War."

Jang Se-yul, a North Korean defector who fled to South Korea in 2007, previously attended North Korea's top engineering school, Mirim University (now renamed University of Automation). During his university years, Jang took courses offered by the 121 Bureau alongside other hackers.

After graduation, Jang joined the North Korean government's Reconnaissance General Bureau, where the 121 Bureau is an elite spy agency. It was during this time that he began to interact with the top hackers within the 121 Bureau.

In a later interview with Business Insider, Jang Se-yul stated that compared to North Korea's nuclear threats, the threat of cyber warfare is more tangible and dangerous. He said, "This is a silent war. The battle has already begun without a shot being fired."

The question is, how does such a poor and resource-scarce country invest heavily in cyber warfare?

Jang Se-yul's answer is: Because it is very cheap to train a hacker.

Generally speaking, North Korea is divided into three main classes: the basic masses (core class), the complex masses (ordinary middle class), and the remnants of hostile classes (landlords, wealthy farmers, etc.). These classes are further divided into 56 sub-classes, all recorded in the resident registration system and used during the recruitment process.

Ahn Chan-il, chairman of the World North Korea Research Center, stated that in the past, North Korean hackers were also judged by their background, as a decline in loyalty to the party could pose a threat to the regime.

However, after the international community imposed comprehensive sanctions on North Korea, blocking its avenues for earning foreign currency, the country could only resort to illegal means through cyber attacks to earn foreign currency.

This also opened a special channel for cyber warfare talent, allowing for unconventional recruitment.

Jang's alma mater—University of Automation—is the core base for training North Korean hackers. He stated, "Each class only enrolls 100 students, but there are as many as 5,000 applicants."

This can be seen as a PLUS version of the college entrance examination; once successfully admitted and becoming a hacker, one can join the top 1% of North Korea, although the process is particularly arduous.

Before these young hackers are deployed, they must undergo nearly nine years of rigorous training, starting as young as 17.

While in school, they attend six classes daily, each lasting 90 minutes, learning various programming languages and operating systems. They spend a significant amount of time analyzing programs like Microsoft's Windows operating system, studying how to breach the computer information systems of hostile countries such as the US and South Korea.

Additionally, their core task is to develop their own hacking programs and computer viruses, rather than relying on existing external hacking programs.

In Jang's view, North Korean hackers are technically on par with top programmers from Google or the CIA, and may even be better.

From the first day of their education, these "little black soldiers" are assigned missions and goals, divided into different groups focusing on attacking different countries and regions, such as the US, South Korea, and Japan. Once hackers are assigned to a specific "national group," they spend nearly two years infiltrating that country, learning the local language and cultural knowledge, so as not to reveal any flaws beyond their technical skills.

Jang mentioned that one of his friends worked for an overseas department of the 121 Bureau, but on the surface, he was an employee of a North Korean trading company. No one knew his true identity, and his company operated normally.

Due to the unique nature of cyber warfare, these young hackers have the freedom to use the internet, gaining immediate access to the latest developments abroad, and they are well aware that their country is very "closed and conservative," but this does not shake their patriotism and loyalty to their leader.

"Even if others forcibly persuade them or offer them jobs at the South Korean presidential office, they would not betray their country," Jang stated.

Of course, once they become hackers, it also means money and privileges.

Young hackers can earn a monthly salary of up to $2,000, which is double that of an ambassador stationed abroad. In addition, they can obtain luxurious apartments of over 185 square meters in the center of Pyongyang and can relocate their families to the capital, which are undoubtedly extremely enticing conditions.

In this new era where keyboards replace missiles, the keyboards of young hackers will become the sword of Damocles over cryptocurrency.