Cryptocurrency worth hundreds of millions of dollars has been stolen from exchanges around the world by North Korean hackers, according to security firm FireEye. Much of the loot has helped fund the Hermit Kingdom’s nuclear program.

FireEye has singled out an elite team of hackers named APT 38, thought to be part of better-known North Korean hacking group Lazarus. The FBI holds Lazarus responsible for the large-scale WannaCry ransomware attack in 2017, which caused hundreds of millions of dollars in damage via more than 200,000 hacked computers.

The crypto from APT 38’s hacks make up “a significant percentage of North Korean GDP,” a European security official told WIRED, and “are channelled into the DPRK’s missile and nuclear development programs.”

Get the BREAKERMAG newsletter, a weekly roundup of blockchain business and culture.

South Korean intelligence has linked the North to hacks both in the South and in Japan—including one that saw more than $500m in cryptocurrency stolen. FireEye has also linked North Korea to the hacking of a cryptocurrency news website in 2016, apparently for information gathering purposes.

As well as targeting cryptocurrency exchanges, Lazarus and APT 38 have been prolific in cyber bank robbery all over the world. Traditional financial institutions have been compromised in at least 10 countries in Asia and Latin America. More than $13 million was fraudulently taken from Cosmos Bank in India last year, most of it through 14,000 physical ATMs.

North Korea has restarted work on its nuclear capability following a breakdown in talks between Kim Jong-Un and Donald Trump. US analysts and South Korean intelligence agreed last month that the North had begun rebuilding a satellite launching station and an engine testing facility—two parts of its intercontinental ballistic missile program.