North Korean hackers exposed themselves: CryptoQuant recorded a visit from an IP in North Korea
The analytical platform CryptoQuant recorded a unique case: a visit from a user with an IP address belonging to North Korea to the page with the MVRV Ratio metric. This event, published on social network X, drew the attention of cybersecurity experts, given the strict restrictions on internet access in the DPRK.
Visit Details: What is Known
According to a screenshot from the Amplitude system, the visit was made from a Mac OS X operating system via a referral from google.com. The user was searching for data on the MVRV Ratio — a key indicator for assessing whether Bitcoin is overvalued or undervalued. However, the main detail is the country of origin: North Korea.
In the DPRK, access to the global internet is a privilege for a select few, mainly those associated with state, military, or diplomatic structures. Ordinary citizens are denied this opportunity. Therefore, a visit from a North Korean IP almost certainly points to a state agent rather than a random user.
Why This Matters: Context of Crypto Hacking Activity
North Korea has long been associated with some of the most notorious crypto thefts in history. The Lazarus Group, linked to Pyongyang, is behind the theft of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for $534 million in 2018. For a country under sanctions, digital assets have become a critical source of funding.
Interest in analytical tools such as the MVRV Ratio may indicate that North Korean hackers are not only stealing but also studying market metrics to plan operations. This makes sense: understanding Bitcoin cycles helps choose the optimal time to liquidate stolen funds.
Expert Opinion from Cryptalist
Although a single visit does not allow identifying a specific hacker, it highlights that North Korean cyber operations are becoming increasingly sophisticated. The use of professional analytical platforms is a sign that hackers are moving from simple attacks to strategic asset management. For investors, this is another signal: monitor on-chain data, as large movements of funds from such groups can impact the market.