North Korean hackers stole nearly $400 million in cryptocurrency last year in at least seven cyber attacks against exchange platforms.
According to a recent report by blockchain analysis firm Chainalysis, “from 2020 to 2021, the number of North Korean-linked hacks increased from four to seven, and the value extracted from these hacks increased by 40%.” The report continues: “Once North Korea obtained custody of the funds, they began a careful laundering process to cover up and cash out.”
While Chainalysis did not identify every target of the hacks, the report pointed out that they were primarily investment firms and centralized exchanges. One such exchange, Liquid.com, reported unauthorized access to multiple wallets it managed in August last year.
According to the report, the hackers used a variety of techniques to move funds from these organizations' wallets to addresses controlled by North Korea, including phishing lures, code exploits, malware, and advanced social engineering. The report also detailed that North Korea has significantly increased its use of ‘mixers’ to launder stolen cryptocurrency.
Lazarus Group
It appears that many of these cyber attacks were carried out by the Lazarus Group, which is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. The group has previously been accused of involvement in the WannaCry ransomware attacks and a 2014 cyberattack against Sony Pictures.
Last year, the United States charged three North Korean programmers over a massive, years-long hacking spree that allegedly aimed to steal $1.3 billion in cash and crypto. Meanwhile, South Korean media outlets reported late last year that North Korea had stolen 2 trillion won ($1.7 billion) of cryptocurrency from exchanges. Reports also state that the hackers hold the assets instead of immediately selling them for cash.
For its part, the Chainalysis report identified $170 million in unlaundered cryptocurrency holdings from 49 different hacks that occurred between 2017 and 2021. Although the hackers' ultimate motives are uncertain, the report states that holding the funds this long demonstrates deliberate forethought on their part. Chainalysis concluded, “For whatever reason, (North Korea) is prepared to hold these funds because it suggests a careful plan, not a desperate and hasty one.”