North Korean hackers seized at least $400 million worth of digital assets in at least seven online heists on cryptocurrency platforms last year, according to a new report by Chainalysis.
The review found that 2021 was one of the most successful years on record for cybercriminals, with the value of the stolen cryptocurrency increasing 40 percent from 2020 to 2021. Ether accounted for up to 58 percent of the stolen cryptocurrency, while Bitcoin only accounted for 20 percent of the loot. The remaining 22 percent were altcoins or ERC-20 assets, which are blockchain-based assets running on the Ethereum platform.
The targets appear to be primarily investment firms and centralized exchanges. Various methods were used to siphon cryptocurrency from organizations’ online wallets to addresses affiliated with the Democratic People’s Republic of Korea (DPRK), including an advanced phishing campaign, code exploits, malware, and advanced social engineering. Once the attackers had secured the funds, they converted them into other cryptocurrencies and mixed them into other wallets in an attempt to cover their tracks. Eventually, the laundered cryptocurrency was converted into “traditional” money using Asia-based crypto exchanges.
The exact identity of the hackers is unknown, but Chainalysis believes most of the recent attacks were carried out by the Lazarus Group, a cybercrime group that, according to US intelligence, has strong links to the North Korean government of Kim Jong-un. The Lazarus Group is thought to have emerged around 2010, but it gained notoriety in 2014 with hacking attacks on Sony Pictures Entertainment. In these attacks, the hackers stole personal information from Sony Pictures employees and asked the studio to withdraw The Interview, a 2014 comedy movie about the assassination of Kim Jong-un, starring James Franco and Seth Rogen.
The Chainalysis review says that North Korea currently holds a large amount of cryptocurrencies worth about $170 million. Although it is not clear why this money was kept, the authors of the report state that it shows that this was not just a hasty robbery by criminals, but a calm and calculated program carried out with determination.
“When combined, these behaviors paint a portrait of a nation that supports cryptocurrency-enabled crime on a large scale. Systematic and sophisticated, the North Korean government – whether through the Lazarus Group or other criminal organizations – has advanced into the cryptocurrency industry in 2021 and solidified itself as a permanent threat.”
The DPRK, which is thought to have had a difficult time with heavy international sanctions, seems to be increasingly turning to cryptocurrencies as a way to finance costly nuclear and missile development programs. In 2021, a panel of experts told the UN Security Council that North Korea had amassed $316.4 million from 2019 to November 2020 through cryptocurrency hacks, some of which was devoted to nuclear weapons and ballistic missile development.
Tracing where the funds from last year’s heists end up will be an incredibly complex task, but we can predict that they won’t be spent on NFTs...