Most of the hacking-and-laundering operation is visible to expert eyes, however.

“This isn’t happening in some shadowy corner of the world,” says David Carlisle of Elliptic, another blockchain-analysis company.

“It’s happening in public on the blockchain.”

This helps investigators trace funds and understand hacking methods—and they are getting better at doing both.

America has blacklisted crypto-wallets associated with North Korean hackers.

In May it targeted Blender.io, a mixer used in the Axie Infinity hack.

In September American investigators recovered $30m of cryptocurrency stolen in that hack.

Given a drop in the value of cryptocurrency after the heist, that represented about 10% of the total.

On February 16th Norwegian authorities seized another $5.8m.

But countries should adopt more stringent measures, argues Allison Owen of the Royal United Services Institute, a London-based think-tank.

“Most hacks begin with relatively unsophisticated phishing attacks.

Better regulation of the industry and cyber-hygiene could help prevent them.”

The crypto industry is meanwhile getting better at policing itself.

On February 14th two centralised exchanges, Binance and Huobi, froze $1.4m of cryptocurrency associated with a North Korean hack.

The hackers are also adapting and improving.

“It is a bit of a game of whack-a-mole,” says Mr Carlisle.

Even if North Korea’s hackers could actually lay their hands on only a fraction of the $1.7bn they stole, it would all be worthwhile, notes Dennis Desmond, a former American intelligence officer who now teaches at the University of the Sunshine Coast in Australia.

“It’s all free cheese,” he says.

Mr Desmond foresees a continuing “arms race” in theft and counter-theft capability between the hackers and crypto-crimefighters.

If the crimefighters could only get the upper hand, it might help to slow the actual arms race, illuminated by a blaze of ballistic missiles, taking place on the Korean peninsula.