North Korean crypto hacks down 80%, but that could change overnight: Chainalysis

Friday, 15 Sep 2023

Cointelegraph By Brayden Lindrea

Original Article

Crypto bad actors from the Democratic People’s Republic of Korea have stolen $340.4 million in 2023, down from $1.7 billion from the prior year, but that’s no reason to feel at ease.


Join us on social networks

Cryptocurrency stolen by North Korea-linked hackers is down a whopping 80% from 2022 — but a blockchain forensics firm says it isn’t necessarily a sign of progress.

As of Sept. 14, North Korea-linked hackers had stolen a total of $340.4 million worth of cryptocurrency, down from a record $1.65 billion reported funds stolen in 2022.

Cryptocurrency funds stolen by North Korean-backed groups between 2016-2023. Source: Chainalysis

“The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity,” Chainalysis said in a Sept. 14 report. “We must remember that 2022 set a dismally high benchmark.”

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Over the past 10 days, North Korea’s Lazarus Group has been linked to two separate hacks — Stake ($40 million) on Sept. 4 and CoinEx ($55 million) on Sept. 12, combining for a loss of over $95 million.

With the latest two hacks, North Korea-linked attacks have made up for about 30% of all crypto funds stolen in hacks this year, noted Chainalysis.

“Lazarus continues to be prolific crypto thieves, which is made even more troublesome by the national security threat that DPRK poses,” Erin Plante, Chainalysis’ vice president of investigations told Cointelegraph.

Funds stolen from North Korean hacking groups vs others between 2016 and 2023. Source: Chainalysis

To strengthen defenses against attacks, cryptocurrency firms need to train employees to counter social engineering tactics commonly deployed by these hacker groups, she added:

“With North Korean-linked hackers in particular, sophisticated social engineering tactics that take advantage of the trusting and carelessness of human nature to gain access to corporate networks has long been a favored attack vector. Teams should be trained on these risks and warning signs.”

North Korea turns to dubious exchanges, mixers

Meanwhile, Chainalysis has found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years.

The firm said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.

United States-sanctioned cryptocurrency mixers Tornado Cash and Blender have also been used by Lazarus Group in the Harmony Bridge hack and other high-profile hacks committed by the group.

We’ve observed instances of DPRK-linked hackers sending funds to Russian services since 2021. But this year’s transfer of $21.9M stolen from Harmony to a high-risk Russian exchange is an escalation of that activity. You can see examples of some of those transactions below.

— Chainalysis (@chainalysis)

September 14, 2023

Related: FBI flags 6 Bitcoin wallets linked to North Korea, urges vigilance in crypto firms

The United Nations is making an effort to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.

Meanwhile, the firm hopes increased smart contract audits will make life tougher for these hackers.

Magazine:Deposit risk: What do crypto exchanges really do with your money?

Update: Sept. 14 at 3:50 am UTC: This article has been updated to include comments from Chainalysis Vice President of Investigations Erin Plante.


Cointelegraph By Brayden Lindrea

You May Also Like…

Open chat
BlockFo Chat
Hello 👋, How can we help you?
You can choose between Telegram or WhatsApp 👍
📱 When you've made your choice, we automatically transfer to the right app 🔝🔐
🖥️ Or, if you use a PC or Mac, then we'll open a new window to load your desktop app.