Analytical tools in the hands of North Korean hackers: CryptoQuant recorded a visit from an IP address in the DPRK
Analytics platform CryptoQuant recorded an unusual visit: a user with an IP address from North Korea accessed the MVRV Ratio metric page for Bitcoin. This event, published on social network X, attracted the attention of experts and generated a number of hypotheses about who exactly is behind this visit.
The details recorded by the Amplitude system are as follows: referral from google.com, operating system Mac OS X, country — North Korea. The very fact that traffic originates from the DPRK is already an anomaly. The internet in this country is a tightly controlled resource, accessible only to a narrow circle of individuals associated with state, military, or diplomatic structures. Therefore, such a visit highly likely points to a state agent rather than an ordinary citizen.
The post's author suggested that on-chain analytics may now be used by representatives of the country's top leadership. If this is the case, interest in market metrics is being shown at the highest level. However, it should be emphasized that a single visit does not allow for identifying the user or directly confirming a connection to state structures. Determining the country by IP address only indicates the network exit point, not a specific person.
Cryptocurrency and the DPRK: Context
Attention to this case is heightened against the backdrop of regular reports from blockchain analysts about the activities of North Korean hackers. The DPRK has long been associated with cyber operations that bring funds to the closed and sanctioned country, which are difficult to obtain through legal means. Digital assets have become an important economic resource for Pyongyang.
The most well-known group linked to North Korea is the Lazarus Group. It is attributed with the largest crypto thefts in history, including the withdrawal of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018. The North Korean authorities themselves deny involvement in such attacks.
Expert opinion: This incident is not just a curious fact. It highlights that North Korean structures are not only engaged in theft but are also actively studying fundamental market indicators such as the MVRV Ratio. This indicates a shift from simple phishing attacks to more strategic market analysis for planning their actions. The market should be prepared for state-backed hackers to act with increasing sophistication, using professional analytical tools.