"Now, we may be witnessing the second wave of this campaign: state-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime", said the report.
"If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, United States dollars, or Chinese renminbi", the report added.
The report said that North Korean hackers also breached an English-language bitcoin news website and collected bitcoin ransom payments from global victims of the malware WannaCry. "It is their continued, illegal and aggressive actions that have brought us to this point, and it is North Korea that must change its course".
Following a series of behind-the-scenes negotiations Sunday, diplomats agreed not to ban oil exports to North Korea.
The resolution does not impose an oil import ban or worldwide asset freeze on the government and leader Kim Jong Un that the Trump administration had wanted.
"It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise", McNamara wrote in the report.
He said: "The global community has shown it is united against the illegal and reckless acts by the North Korean regime".
According to the report, the state-sponsored hackers have attacked three South Korean cryptocurrency exchanges since May 2017 to steal funds.
FireEye identified the malware, known as PEACHPIT, and provided examples of documents it was attached to, including one published by Seoul-based Hyundai Research Institute about the state of bitcoin industries.
The group behind the hacks, which FireEye identified as TEMP.Hermit, has made a name for itself out of bitcoin theft, including a 2015 attack on South Korea's nuclear industry.
Hackers tied to North Korea are also suspected of carrying out a series of attacks on global banks that came to light in the past year. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditional nation-state activities. "They've been creative in how they use their cyber-espionage capability". After acquiring bitcoin or other cryptocurrencies, North Korea could then launder them on exchanges and get hard cash in return, as its main avenues for making money get cut off one by one. A similar technique was used last month to empty the bitcoin wallets related to WannaCry. "There are a variety of things they could do to cash out".