Cryptocurrency stolen by North Korea-linked hackers is down a whopping 80% from 2022 — but a blockchain forensics firm says it isn’t necessarily a sign of progress.

As of Sept. 14, North Korea-linked hackers had stolen a total of $340.4 million worth of cryptocurrency, down from a record $1.65 billion reported funds stolen in 2022.

Cryptocurrency funds stolen by North Korean-backed groups between 2016-2023. Source: Chainalysis

“The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity,” Chainalysis said in a Sept. 14 report. “We must remember that 2022 set a dismally high benchmark.”

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Over the past 10 days, North Korea’s Lazarus Group has been linked to two separate hacks — Stake ($40 million) on Sept. 4 and CoinEx ($55 million) on Sept. 12, combining for a loss of over $95 million.

With the latest two hacks, North Korea-linked attacks have made up for about 30% of all crypto funds stolen in hacks this year, noted Chainalysis.

“Lazarus continues to be prolific crypto thieves, which is made even more troublesome by the national security threat that DPRK poses,” Erin Plante, Chainalysis’ vice president of investigations told Cointelegraph.

Funds stolen from North Korean hacking groups vs others between 2016 and 2023. Source: Chainalysis

To strengthen defenses against attacks, cryptocurrency firms need to train employees to counter social engineering tactics commonly deployed by these hacker groups, she added:

“With North Korean-linked hackers in particular, sophisticated social engineering tactics that take advantage of the trusting and carelessness of human nature to gain access to corporate networks has long been a favored attack vector. Teams should be trained on these risks and warning signs.”

North Korea turns to dubious exchanges, mixers

Meanwhile, Chainalysis has found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years.

The firm said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.

United States-sanctioned cryptocurrency mixers Tornado Cash and Blender have also been used by Lazarus Group in the Harmony Bridge hack and other high-profile hacks committed by the group.

We’ve observed instances of DPRK-linked hackers sending funds to Russian services since 2021. But this year’s transfer of $21.9M stolen from Harmony to a high-risk Russian exchange is an escalation of that activity. You can see examples of some of those transactions below. pic.twitter.com/S9cDxlk9Hu

— Chainalysis (@chainalysis)

September 14, 2023

Related: FBI flags 6 Bitcoin wallets linked to North Korea, urges vigilance in crypto firms

The United Nations is making an effort to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.

Meanwhile, the firm hopes increased smart contract audits will make life tougher for these hackers.

Magazine:Deposit risk: What do crypto exchanges really do with your money?

Update: Sept. 14 at 3:50 am UTC: This article has been updated to include comments from Chainalysis Vice President of Investigations Erin Plante.