Crypto news

20.06.2026
01:34

Analysts at CryptoQuant have detected North Korean hackers: on-chain metrics have come into play.

The world of cryptocurrency analytics has received an unexpected confirmation that North Korean hackers are actively monitoring the market. The CryptoQuant platform recorded a visit from a user with an IP address belonging to the DPRK. The target of interest was the page featuring the MVRV Ratio metric for Bitcoin. This observation, published on social network X, sheds light on the tools used by professional cybercriminals from the closed country.

Visit Details: What Were They Looking For in the DPRK?

According to data from the Amplitude analytics system, the visit was made from a computer running Mac OS X. The user navigated to the CryptoQuant page from a Google search by entering a query for the MVRV Ratio metric. The fact that the IP address points to North Korea is no coincidence. Access to the global internet in the DPRK is a privilege for a select few, mainly those associated with state, military, or diplomatic structures. Therefore, this visit is highly likely the work of hackers rather than an ordinary citizen.

The MVRV Ratio (Market Value to Realized Value) is a fundamental on-chain indicator that compares the current market capitalization of an asset with its "realized" capitalization (the average purchase price of all coins). This tool helps assess whether Bitcoin is overvalued or undervalued relative to historical holder profit levels. Why North Korean hackers needed this metric remains a matter of speculation, but the interest in macroeconomic market data is quite telling.

Context: The DPRK and the Cryptocurrency Threat

This episode fits into the broader picture of North Korea's active role in the cryptocurrency sphere. Pyongyang systematically uses cyberattacks as a source of funding to circumvent international sanctions. The most notorious group linked to the DPRK is the Lazarus Group. It is blamed for some of the largest thefts in history: the theft of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018.

Analyst's Opinion. The fact that North Korean hackers are turning to on-chain metrics like the MVRV Ratio is not mere curiosity. It is evidence that even the most closed state structures are forced to adapt to market reality. They no longer act blindly: they study macro trends to choose optimal moments for liquidating stolen assets. This makes them even more dangerous and predictable adversaries for the entire ecosystem.