North Korean hackers exposed themselves: CryptoQuant recorded a visit from an IP address in North Korea.
Professional analytical tools used for blockchain monitoring have themselves become the focus of attention from North Korean specialists. The CryptoQuant platform recorded a visit from a user with an IP address belonging to the DPRK. This case sheds light on how hackers from the closed country study the digital asset market.
According to data from the Amplitude analytics system, the visit was made to a page with the Bitcoin MVRV Ratio metric. The transition was made via the Google search engine. The device was running Mac OS X. The single visit itself does not allow identifying the user's identity or directly confirming their connection to state structures. However, context is crucial.
Why this is not an ordinary citizen
In North Korea, access to the global network is a privilege for a select few. The internet is mainly available to individuals associated with state, embassy, or military structures. That is why a visit from a North Korean IP address highly likely indicates a state agent, not an ordinary citizen. This observation reinforces the version that on-chain analytics is now being conducted by those close to the country's top leadership.
MVRV Ratio (Market Value to Realized Value) is a metric that compares an asset's market capitalization with its realized value. It is used to assess whether Bitcoin is overvalued or undervalued relative to the average purchase price of coins. Why this metric was needed by a North Korean remains a mystery, but given the country's reputation in the field of crypto thefts, the interest is clearly not academic.
Cryptocurrency as an economic resource of the DPRK
North Korea regularly appears in blockchain analysts' reports due to the activity of crypto hackers. According to a version common among researchers, cyber operations provide the closed and sanctioned country with funds that are difficult to obtain through legal means. Digital assets have become an important economic resource for Pyongyang.
Several groups are associated with Pyongyang, the most famous of which is the Lazarus Group. They are attributed with the largest crypto thefts in history, including the withdrawal of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for about $534 million in 2018. The North Korean authorities themselves deny involvement in such attacks.
Expert comment: This incident is not just a curiosity but a signal for the entire industry. The fact that North Korean hackers have begun actively studying fundamental metrics like MVRV indicates the growing sophistication of their methods. The market should be prepared for their attacks to become not only more frequent but also more calculated, taking into account Bitcoin's macroeconomic cycles.