Following North Korean hackers: CryptoQuant recorded a visit from an IP address in North Korea
The analytical platform CryptoQuant has recorded an anomaly: a visit from a user with an IP address belonging to North Korea. This event, published on social network X, has attracted the community's attention because access to the global internet in the DPRK is a privilege for the elite, not ordinary citizens. It is logical to assume that professional hackers, not an average user, are behind this visit.
Details of the Visit: What the Analytics Showed
According to a screenshot from the Amplitude system, the user navigated to the page with the Bitcoin metric: MVRV Ratio via a Google search. Their operating system is Mac OS X, and the country is North Korea. The author of the post hypothesized that on-chain analytics is now of interest at the highest levels of the country's leadership. If this is the case, it is not just hackers showing interest in market metrics, but individuals close to the top echelons of power.
However, it is worth emphasizing: a single visit from an IP address does not allow for personal identification. It only indicates the network exit point, not a specific person. Nevertheless, the context is extremely important. The DPRK regularly appears in blockchain analytics reports in connection with crypto hacker activity.
Cryptocurrency as an Economic Resource for Pyongyang
According to a widespread version, cyber operations provide the closed and sanctioned country with funds that are difficult to obtain legally. Digital assets have become an important economic resource for Pyongyang. Several groups are associated with the DPRK, the most famous of which is the Lazarus Group.
They are credited with the largest crypto thefts in history: the withdrawal of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018. The North Korean authorities themselves deny their involvement, but data from blockchain analytics and intelligence reports indicate otherwise.
Analyst's opinion: This incident is not just a curiosity, but a signal. If North Korean hackers have started studying fundamental metrics like the MVRV Ratio, it means they are moving beyond simple thefts and transitioning to strategic market analysis. This complicates the task of protecting crypto infrastructure and requires deeper monitoring of their activity.