North Korean cyber-criminals have been on a spree in 2021, stealing nearly $400 million worth of cryptocurrency, as reported by blockchain analysis firm Chainalysis. The thefts were a result of seven attacks on various cryptocurrency platforms, with a focus on investment firms and centralized exchanges. This marks a significant increase from the previous year, with a 40% rise in the value extracted from these heists.
The hackers employed a range of techniques to transfer the funds from the victims’ “hot” wallets to addresses controlled by the Democratic People’s Republic of Korea (DPRK). These methods included phishing, code exploits, malware, and advanced social engineering tactics. Once in possession of the stolen funds, North Korea initiated a meticulous laundering process to conceal and cash out the proceeds.
It is believed that many of these cyber-attacks were orchestrated by the notorious Lazarus Group (APT 38), a cybercrime group affiliated with North Korea’s Reconnaissance General Bureau. Lazarus has a history of high-profile attacks, such as WannaCry, but in recent years, they have shifted their focus to cryptocurrency-related crimes, which have proven to be highly profitable.
North Korean hackers have been implicated in several major cryptocurrency heists, with a report from Venafi stating that cybercrime now serves as the primary source of funding for the authoritarian state. Interestingly, Bitcoin accounted for only 20% of the stolen funds in 2021, while Ether made up 58%, and ERC-20 tokens or altcoins comprised 22%.
Chainalysis has identified $170 million worth of stolen cryptocurrency still under North Korean control, awaiting laundering. These funds are a result of hacks spanning from 2017 to 2021. Erich Kron, a security awareness advocate at KnowBe4, commented on the situation, highlighting the attractiveness of cryptocurrency as a target for cybercriminals due to its decentralized nature and irreversibility of transactions. He noted that nation-states facing financial restrictions can greatly benefit from stealing and manipulating cryptocurrency, especially since a single wallet can contain multiple types of digital assets.
The prevalence of cryptocurrency-related cybercrime underscores the importance of robust security measures in the digital asset space. As hackers continue to target this lucrative sector, organizations and individuals must remain vigilant and take proactive steps to safeguard their investments.