North Korea Cryptocurrency Hacks: $400M Stolen in 2023

January 14, 2022

North Korean Cyberattacks Target Cryptocurrency Platforms

According to a recent analysis by Chainalysis, a blockchain data firm, North Korean hackers executed a minimum of seven attacks against cryptocurrency platforms throughout the previous year.

These cyber incursions resulted in the theft of approximately $400 million in digital assets. The report highlights a significant escalation in activity.

Increased Frequency and Value of Attacks

The number of hacks linked to North Korean entities experienced a notable increase, rising from four in 2020 to seven in 2021.

Concurrently, the total value illicitly obtained through these attacks grew by 40% during the same period.

Targets of the Attacks

The primary targets of these attacks were investment companies and centralized exchanges within the cryptocurrency ecosystem.

Hackers employed a range of sophisticated techniques to compromise these organizations.

Tactics Employed by Hackers

Funds were extracted from the organizations’ “hot wallets” – those connected to the internet – using methods like phishing schemes, code vulnerabilities, malicious software, and advanced social engineering.

Following successful breaches, a meticulous laundering process was initiated to obscure the origin and facilitate the conversion of the stolen funds.

Cryptocurrency Breakdown

In 2021, Ethereum comprised 58% of the stolen funds, while Bitcoin accounted for 20%.

The remaining 22% consisted of ERC-20 tokens and various other altcoins.

Funding Weapons Programs

The report references findings from the United Nations Security Council, indicating that North Korea utilizes the proceeds from these hacks to finance its programs related to weapons of mass destruction (WMD) and ballistic missiles.

Attribution to the Lazarus Group

The Lazarus Group, a hacking collective associated with North Korea’s Reconnaissance General Bureau – its primary intelligence agency – is strongly suspected of orchestrating these attacks.

This group has a history of cyberattacks, including previous incidents targeting Sony Pictures Entertainment and the deployment of WannaCry ransomware.

Use of Cryptocurrency Mixers

Over 65% of the stolen cryptocurrency was laundered through “mixers” – software tools designed to obfuscate transactions by pooling and scrambling digital assets from numerous addresses.

Unlaundered Funds Held

North Korea currently holds approximately $170 million in unlaundered crypto funds, originating from 49 separate hacks that occurred between 2017 and 2021.

Strategic Holding of Funds

The report suggests that the continued retention of these unlaundered funds may indicate a deliberate strategy.

It is speculated that North Korea may be awaiting a decrease in law enforcement scrutiny before attempting to cash out, demonstrating a calculated approach rather than a desperate one.
