Crypto bad actors from the Democratic People’s Republic of Korea have stolen $340.4 million in 2023, down from $1.7 billion the prior year, but that’s no reason to feel at ease.
Cryptocurrency stolen by North Korea-linked hackers is down a whopping 80% from 2022 — but a blockchain forensics firm says it isn’t necessarily a sign of progress.
As of Sept. 14, North Korea-linked hackers had stolen a total of $340.4 million worth of cryptocurrency, down from a record $1.65 billion in reported stolen funds in 2022.
Cryptocurrency funds stolen by North Korean-backed groups between 2016-2023. Source: Chainalysis
“The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity,” Chainalysis said in a Sept. 14 report. “We must remember that 2022 set a dismally high benchmark.”
Over the past 10 days, North Korea’s Lazarus Group has been linked to two separate hacks — Stake ($40 million) on Sept. 4 and CoinEx ($55 million) on Sept. 12, combining for a loss of over $95 million.
With the latest two hacks, North Korea-linked attacks have accounted for about 30% of all crypto funds stolen in hacks this year, noted Chainalysis.
“Lazarus continues to be prolific crypto thieves, which is made even more troublesome by the national security threat that DPRK poses,” Erin Plante, Chainalysis’ vice president of investigations, told Cointelegraph.
Funds stolen by North Korean hacking groups vs. others between 2016 and 2023. Source: Chainalysis
To strengthen defenses against attacks, cryptocurrency firms need to train employees to counter social engineering tactics commonly deployed by these hacker groups, she added:
North Korea turns to dubious exchanges, mixers
Meanwhile, Chainalysis has found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years.
The firm said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.
We’ve observed instances of DPRK-linked hackers sending funds to Russian services since 2021. But this year’s transfer of $21.9M stolen from Harmony to a high-risk Russian exchange is an escalation of that activity. You can see examples of some of those transactions below.
The United Nations is making an effort to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.
Meanwhile, the firm hopes increased smart contract audits will make life tougher for these hackers.
Update (Sept. 14 at 3:50 am UTC): This article has been updated to include comments from Chainalysis Vice President of Investigations Erin Plante.