North Korea Shifts Crypto Espionage Strategy Toward Infiltration, Court Ruling Shows

30 December 2025 - 16:02 CET

North Korea-linked actors are increasingly relying on human recruitment and insider access, rather than direct cyberattacks, to obtain sensitive information and move funds through crypto, according to a South Korean Supreme Court ruling.

The court upheld a four-year prison sentence for a South Korean cryptocurrency exchange employee who attempted to recruit an active-duty army officer to leak military secrets in exchange for Bitcoin, according to local media outlet Dailian.

The ruling confirms lower-court findings that the operation was conducted under instructions from North Korea-aligned actors.

Recruitment over hacking

Court documents cited by Dailian show the defendant contacted a 30-year-old army captain via Telegram, offering cryptocurrency in return for access to classified military information. 

Acting on instructions, the defendant supplied a watch-type hidden camera and a USB device intended to extract data from South Korea’s Joint Command and Control System used in coordination with US forces.

Military authorities intercepted the equipment before any successful breach occurred. The Supreme Court ruled that the deliberate recruitment effort itself constituted a serious national security crime, even though the attempted system intrusion failed.

Crypto as payment rail

The exchange employee received about ₩700mn, or around $485,000, worth of Bitcoin, while the recruited officer was paid roughly ₩48mn equivalent in crypto, according to the court findings.

Judges stressed that the offence centred on espionage and recruitment under South Korea’s National Security Act, rather than cryptocurrency usage itself.

The Supreme Court imposed a four-year prison term and a four-year ban from employment in the financial sector on the exchange employee. 

The military officer received a 10-year sentence for violating military secrecy laws. The court rejected arguments that the activity fell short of espionage, citing clear intent to obtain military secrets for a hostile state.

The case highlights how North Korea-aligned operations are adapting under tighter cyber defences, shifting toward low-visibility infiltration and insider access, while favouring crypto primarily as a funding and coordination rail.