Pyongyang has demonstrated growing interest and capability in exploiting new financial technology to obtain valuable foreign currency needed for its weapons development programs. Given the rising popularity in trading cryptocurrency, North Korean hackers are likely to include new play-to-earn (P2E) crypto games within their illicit cyber-enabled financial schemes.
Once reserved for professional gamers winning massive cash prizes at national and global tournaments, video gaming has evolved to now provide amateur gamers and crypto enthusiasts with opportunities to earn large amounts of cryptocurrency with relative ease. Most video games follow play-to-win (P2W) mechanics that entice players to complete a series of puzzles, tasks, and activities to “beat the game” or progress to the next level. In order to earn money, professional players typically enroll in tournaments organized by third parties to win cash prices and other financial rewards. However, P2E crypto games operate on blockchain technology that facilitates the earning of cryptocurrency within the game itself, or non-fungible tokens (NFTs) that can be later sold for cryptocurrency. The technological mechanics of P2E crypto games remove the need for tournaments or third-party organizers to provide players with potential financial rewards outside of the game, which presents new financial risks within the online gaming world.
The online gaming industry has a history of illicit actors exploiting its networks and user base to conduct and facilitate cyber-enabled financial crime. North Korean hackers have already demonstrated skill and intent to exploit the online gaming community to Pyongyang’s fiscal benefit. In 2011, the Seoul Metropolitan Police Agency reported that a joint operation between North Korean operatives and several South Korean nationals compromised the personal data of roughly 660,000 South Korean citizens and generated at least 6.4 billion Korean won (around $5.3 million) for Pyongyang. According to the report, several South Korean nationals traveled to China to receive infected software for a South Korean online game from North Korean operatives that was allegedly manufactured by North Korean computer programmers affiliated with the U.S.-sanctioned Korea Computer Center (KCC). The South Korean accomplices then sold and distributed the infected gaming software within South Korea and the Seoul police later arrested 15 individuals related to the case. While ultimately successful, this operation likely required a great deal of North Korea’s restricted logistical resources to plan the operation, as well as enlist and train all parties involved. In comparison with P2W games, the technological and financial mechanics of new P2E crypto games would allow Pyongyang to obtain valuable cryptocurrency with relatively less effort and resources.
The financial mechanics involved in P2W and P2E games vary significantly, which raises a different set of potential financial risks. Most financial transactions related to P2W games involve players sending digital payments from their personal bank accounts or credit cards to either the game company to purchase in-game items, or to professional “power leveling” services to enlist gamers to play on their behalf to increase their level. Popular P2E crypto games, such as Axie Infinity, allow players to earn special in-game tokens that can be sold to other players within the game or to cryptocurrency exchanges for cryptocurrency. In 2021, Axie Infinity players in the Philippines reportedly earned enough cryptocurrency that the Filipino government passed a law requiring players to pay income tax on earnings generated from the game. While most P2E crypto games provide players with NFTs or other tokens to sell for cryptocurrency, Coin Hunt World directly rewards its players with cryptocurrency like Bitcoin or Ethereum after completing certain tasks. The rapid expansion and diversity of different financial mechanics incorporated into P2E crypto games present a new genre of potential financial risks within the online gaming world.
While it is unlikely that Pyongyang will order its hackers to spend valuable hours playing P2E crypto games, it may instruct its talented software developers to identify vulnerabilities within the games and write codes that will allow the automation of in-game activities to earn cryptocurrency. North Korean hackers have already demonstrated significant success in obtaining cryptocurrency by issuing malicious codes that can steal, extort, and obfuscate digital transactions, when activated. While North Korean presence in P2E crypto games has yet to be detected, Pyongyang may seek to manufacture and distribute P2E crypto game-specific software programs that can rapidly complete in-game tasks to earn cryptocurrency at a rate faster than any human gamer could achieve. The previous case of North Korean computer programmers writing malicious gaming software for purchase and distribution in South Korea suggests similar implications for P2E crypto games.
Over the years, Pyongyang has successfully stolen millions of dollars-worth of cryptocurrency through sophisticated cyber operations targeting banks, cryptocurrency exchanges, and individuals. As North Korean hackers continue to expand their illicit financial operations within the crypto space, popular P2E crypto games are likely on their radar for 2022.