Analysts at CryptoQuant have recorded a visit by North Korean hackers to the platform: what are they interested in?
The on-chain analytics platform CryptoQuant has reported unusual activity: a visit from a user with an IP address linked to North Korea. Given the strict internet access restrictions in North Korea, this event almost certainly indicates that the person behind the screen was not an ordinary citizen, but a professional state-sponsored hacker.
According to a screenshot from the Amplitude system, the user navigated to the Bitcoin metric page: MVRV Ratio via a Google search. Their operating system was Mac OS X. By itself, a single visit does not allow for identification or direct confirmation of ties to state structures, but the context is crucial.
In North Korea, access to the global network is a privilege primarily available to individuals associated with state, military, or diplomatic structures. This is why an IP address from this country highly likely points to a state agent rather than an ordinary user. Such a visit is not mere curiosity, but a targeted intelligence-gathering effort.
The MVRV Ratio (Market Value to Realized Value) is a key metric that compares an asset's market capitalization to its realized value. It is used to assess whether Bitcoin is overvalued or undervalued relative to the average purchase price of coins. Why would a North Korean hacker need this metric? The answer lies in the context.
Cryptocurrency as an Economic Resource for Pyongyang
North Korea regularly appears in blockchain analytics reports due to crypto hacker activity. According to a common theory, cyber operations provide the closed and sanctioned country with funds that are difficult to obtain through legal means. Digital assets have become an important economic resource for Pyongyang.
Several groups are linked to Pyongyang, the most famous being the Lazarus Group. They are attributed with the largest crypto thefts in history, including the theft of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018. The North Korean authorities themselves deny involvement in such attacks.
Expert opinion: The interest of North Korean hackers in the MVRV Ratio metric is not just academic curiosity. It is a signal that they are preparing for larger-scale operations. Understanding market cycles and assessing an asset's fair value is necessary for planning the timing of liquidating stolen funds. If hackers are studying such metrics, it means they are seeking to maximize their profits, and therefore, the market may face new waves of pressure.