Crypto news

20.06.2026
11:17

Analysts at CryptoQuant have recorded a visit by North Korean hackers: the focus is on the MVRV Ratio metric.

The blockchain analytics platform CryptoQuant has detected unusual activity: a visit from a user with an IP address belonging to North Korea. This incident, which the service reported on its account, sheds light on the analytical tools that interest North Korean hackers.

Visit Details: What Were They Looking For in Pyongyang?

According to data from the Amplitude analytics system, the visit was recorded with the following parameters: the user navigated to the page with the Bitcoin MVRV Ratio metric via a Google search, using the Mac OS X operating system. The country of origin is North Korea.

By itself, a single visit does not allow for unambiguous identification of the user's identity or establishing a direct link to state structures. However, context is crucial. In North Korea, access to the global internet is a privilege available mainly to state, military, and diplomatic structures. Therefore, a visit from a "native" IP address highly likely indicates that it is not an ordinary citizen, but a state agent, possibly a member of hacker groups.

The MVRV Ratio Metric: Why Do Hackers Need It?

The MVRV Ratio (Market Value to Realized Value) is a key on-chain indicator that compares the current market capitalization of an asset with its "realized" capitalization (the average purchase price of all coins). It is used to assess whether Bitcoin is overvalued or undervalued relative to the average acquisition price by investors. Why this metric was needed by North Korean hackers remains a matter of speculation. Possibly to assess the optimal moment for liquidating stolen funds or for a deeper understanding of market cycles.

Cryptocurrency as an Economic Resource for North Korea

Interest in this news is heightened against the backdrop of the long-known activity of North Korean hacker groups such as the Lazarus Group. They are linked to the largest crypto thefts in history, including the hack of the Ronin network (Axie Infinity) for over $600 million in 2022 and the attack on the Coincheck exchange for $534 million in 2018. For Pyongyang, under strict sanctions, digital assets have become a critically important, albeit illegal, source of funding.

Expert Opinion: This case is not just a curiosity but a serious signal. It demonstrates that North Korean state hackers are not only stealing assets but also actively studying fundamental on-chain metrics to plan their operations. This raises the bar for cyber threats to the entire crypto industry to a new level.