North Korean Hackers: CryptoQuant Records Visit from a North Korean IP Address — What Does This Mean for the Market?
The analytical platform CryptoQuant has detected unusual activity: a user with an IP address from North Korea visited the page for Bitcoin's MVRV Ratio metric. This incident, recorded by the Amplitude system, sheds light on which tools and analytical data are of interest to North Korean state hackers.
A screenshot of the visit, published on social network X, shows that the user navigated to the CryptoQuant page from a Google search, using the Mac OS X operating system. The page title is "Bitcoin: MVRV Ratio." The visit itself, being a single event, does not allow for user identification, but the context of internet access in North Korea makes this observation highly significant.
Why is this not a random citizen?
In North Korea, access to the global internet is a privilege for the few. The vast majority of citizens are denied internet access. The network is mainly available to state, embassy, and military structures. Therefore, a visit from a North Korean IP address highly likely indicates a state agent, not an ordinary resident. According to the post's author, on-chain analytics may now be conducted by individuals close to the country's top leadership.
The MVRV Ratio (Market Value to Realized Value) is a metric that compares an asset's market capitalization to its realized capitalization. It is used to assess whether Bitcoin is overvalued or undervalued relative to the average purchase price of coins. Why exactly this metric was needed by a North Korean user remains a mystery, but the very fact of interest in market data at a high level raises questions.
Cryptocurrency as a resource for Pyongyang
North Korea regularly appears in reports by blockchain analysts due to the activity of crypto hackers. According to a common theory among researchers, cyber operations provide the closed and sanctioned country with funds that are difficult to obtain through legal means. Digital assets have become an important economic resource for Pyongyang.
Several groups are linked to Pyongyang, the most famous of which is the Lazarus Group. They are credited with the largest crypto thefts in history, including the withdrawal of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018. The North Korean authorities themselves deny involvement in such attacks.
Expert opinion: This incident is not just a curiosity, but a signal. The interest of North Korean structures in fundamental on-chain metrics, such as the MVRV Ratio, may indicate that they are moving from a "brute force" tactic to a more strategic market analysis. This could mean that their future attacks will be more selective and aimed at moments of maximum market vulnerability. Ignoring this trend would be imprudent.