Following North Korean hackers: CryptoQuant recorded a visit from an IP address in North Korea.
The analytical platform CryptoQuant has recorded unusual activity: a visit from a user with an IP address belonging to North Korea. This incident, detected in Amplitude analytics systems, sheds light on which tools and data interest hacker groups associated with the DPRK.
Visit Details: What Was the North Korean User Looking For?
According to a screenshot published by the platform, the visit was made from a device running the Mac OS X operating system. The user navigated to the page for the Bitcoin: MVRV Ratio metric via a Google search. The page title and the referral from google.com indicate a targeted search for this specific indicator.
The MVRV Ratio (Market Value to Realized Value) itself is a key on-chain indicator that compares an asset's market capitalization to its realized capitalization. It is used to assess whether Bitcoin is overvalued or undervalued relative to the weighted average purchase price of all coins. Interest in it from a North Korean IP is not a coincidence but a direct indication of professional interest in market cycles.
Why This Is Likely Hackers, Not a Random User
In North Korea, access to the global internet is strictly limited and is a privilege for a select few—mainly state, military, and diplomatic structures. An ordinary citizen does not have the ability to freely access the worldwide web. Therefore, a visit from an IP address in the DPRK with a high degree of probability points to a state agent or a member of a hacker group.
The context also reinforces this version. The DPRK regularly appears in blockchain analysts' reports as one of the main sources of cyber threats to the crypto industry. According to a widely held view, cyber operations bring funds to the closed and sanctioned country that are difficult to obtain through legal means. Digital assets have become an important economic resource for Pyongyang.
Lazarus Group and Others: Notable Attacks
Several hacker groups are linked to North Korea, the most famous of which is the Lazarus Group. They are attributed with the largest crypto thefts in history, including the withdrawal of over $600 million from the Ronin network (Axie Infinity) in 2022 and the hack of the Coincheck exchange for approximately $534 million in 2018. The North Korean authorities themselves deny involvement in such attacks.
Expert Comment: This isolated incident is irrefutable evidence that North Korean hackers are actively monitoring fundamental on-chain metrics such as the MVRV Ratio. This indicates a high level of their training and strategic planning of attacks, rather than chaotic actions. The market should consider that behind each such visit may be preparation for another large-scale operation.