North Korean NFTs hold significant importance for Pyongyang’s ongoing exploration of digital assets. Recent evidence shows both legitimate NFT pilots and advanced cyber methods that aim to expand revenue sources while avoiding sanctions.
Key Takeaways
-
North Korea converted cultural assets such as Mount Kumgang photos and Goryeo celadon imagery into NFTs.
-
Government programs tested NFT marketplaces in Southeast Asia to bypass strict global regulations.
-
Cybercriminal groups targeted NFT investors through large-scale phishing and malicious minting.
-
Authorities concluded that NFT operations are technically feasible but limited as a major revenue source.
-
These experiments form part of a wider cryptocurrency theft strategy estimated to have generated around $800 million in 2024, which was published by TRM Labs in its 2025 Crypto Crime Report.
Understanding North Korean NFTs
North Korean NFTs represent a digital asset category that the Pyongyang regime has closely examined for generating foreign currency and avoiding international sanctions. By creating and listing NFTs linked to unique content, the authorities sought to capitalize on collectors’ interest in items that carry exclusivity or reflect rarities from inside the country. This is in line with broader crypto activities where blockchain assets offer anonymity and global reach.
Government Experimentation and Digital Asset Strategy
Official Experimentation Programs
Recent intelligence points to a five-month initiative, from January to May 2025. During this time, North Korea deployed technical personnel from the Korea Computer Center to China under false trade representation. The teams established bases in cities like Beijing and Zhuzhou, operating under front companies to gather insights on NFT technology, platform mechanics, and profit potential.
Content Digitization and Asset Creation
These technical specialists digitized culturally significant pieces. This included landscape photographs of Mount Kumgang, images of Goryeo celadon, and maps of mining operations within North Korea. This transformation was driven by the belief that such rarely seen content might attract global collectors. Each digital collectible was listed on NFT marketplaces with loose identity verification standards in countries like Thailand and the Philippines.
Technical Methods and Infrastructure
Operatives placed great emphasis on blockchain wallet management, using multiple addresses and international corporate registrations to hide actual ownership. Their strategy combined several techniques to enhance obfuscation and reduce traceability:
-
Multi-signature wallet configurations to distribute control.
-
Cross-chain transfers (moving assets between different blockchains) to complicate asset-tracking.
-
Anonymization techniques such as mixers and obfuscation services to limit detection during buy/sell transactions.
Platform Selection and Market Analysis
Teams reviewed different NFT marketplaces by comparing transaction fees, user base and withdrawal methods. They found that platforms with minimal verification and less restrictions had quicker entry. But they also knew that those platforms were volatile and can shut down.
Cybercriminal NFT Operations
Large-Scale Phishing Campaigns
Beyond legitimate testing, North Korean Advanced Persistent Threat (APT) groups escalated efforts by creating hundreds of counterfeit marketplace domains. These sites impersonated popular platforms like OpenSea, X2Y2, and Rarible, directing unsuspecting users to connect cryptocurrency wallets. Attackers capitalized on established brand credibility to steal private keys or funnel assets into addresses they controlled.
Malicious Minting Strategies
In these malicious processes, attackers enticed users to mint new NFTs through fraudulent links. The underlying smart contracts granted the hackers access to wallets, enabling them to transfer funds and existing NFTs out of victims’ accounts. Documented cases showed high-value theft, including thousands of stolen NFTs and hundreds of Ethereum tokens lost to a single fraudulent operation.
Advanced Social Engineering
North Korean operatives also crafted fake gaming experiences. These included counterfeit versions of blockchain-based games designed to lure NFT enthusiasts. These carefully built settings made users feel secure enough to authorize wallet actions. Once wallets were connected, hidden exploits within the game’s code siphoned away digital collectibles and other valuable assets.
Strategic Implications
Revenue Generation Limits
Despite confirming that NFTs could theoretically produce foreign currency, Pyongyang’s final assessment flagged inefficiencies. Costs for setting up covert bases, managing technology, and handling marketplace fees outweighed the returns. North Korean planners considered NFTs less profitable than arms sales, labor exports, and direct cryptocurrency theft. As a result, they viewed NFT operations as experimental rather than essential.
Part of a Broader Cyber Strategy
These operations fit into a larger framework of cryptocurrency theft, which brought in an estimated $800 million during 2024, which was published by TRM Labs in its 2025 Crypto Crime Report. While the direct profit from NFTs remained small, the lessons learned from anonymization, marketplace structures, and user vulnerabilities position North Korean teams to potentially expand these tactics if market conditions improve. By developing both legitimate NFT market expertise and well-honed hacking capabilities, Pyongyang maintains flexibility in pursuing digital revenue.
Conclusion
North Korea’s foray into NFTs highlights its determined efforts to capitalize on new technologies for economic gain while circumventing global sanctions. Despite finding that NFT sales fell short as a primary revenue channel, these experiments advanced Pyongyang’s knowledge of blockchain platforms, user vulnerabilities, and evasive financial methods. By building legitimate market insights alongside cybercriminal strategies, North Korea remains ready to exploit future opportunities in digital assets as conditions evolve.
Frequently Asked Questions
Here are some frequently asked questions about this topic:
How did North Korea use Chinese marketplaces to sell NFTs covertly?
They registered front companies in Chinese cities like Beijing and Zhuzhou, rented local facilities, and leveraged China’s connectivity to international marketplaces. This approach allowed them to list NFTs on Southeast Asian platforms with fewer identity checks.
What methods did North Korea employ to conceal NFT ownership and profits?
To conceal NFT ownership they have relied on complex wallet management techniques, including multiple addresses, cross-chain transactions, and third-country corporate registrations. These steps reduced the ability of investigators to track funds or link them directly to Pyongyang.
Why did North Korea find NFT sales impractical despite technical feasibility?
Analysts concluded that fees, regulatory risks, and marketplace instability made it hard to achieve consistent revenue. Revenue from NFTs was less predictable compared to more established methods like labor exports or direct cryptocurrency hacking.
How were unique North Korean contents transformed into digital NFTs for experiments?
Technical teams digitized assets ranging from landscape photography to maps of mining operations. These files were then minted on blockchain platforms, creating one-of-a-kind tokens that could be sold to collectors abroad.
What role did third-country companies play in North Korea’s NFT experiment?
Fake corporate registrations from third-party countries provided a layer of separation between Pyongyang and NFT sales. These companies offered cover for renting offices, establishing internet connections, and opening financial accounts without revealing North Korea’s direct involvement.
If this article, video or photo intrigues any copyright, please indicate it to the author’s email or in the comment box.