North Korean hackers stole $400 million worth of cryptocurrency in 2021
North Korean hackers stole nearly $400 million worth of digital assets in at least seven attacks on cryptocurrency platforms last year, according to a report released Thursday by the blockchain analytics firm Chainalysis.
“From 2020 to 2021, the number of North Korea-related hacks increased from four to seven, and the value extracted from these hacks increased by 40%,” the report said.
“Once North Korea obtained custody of the funds, it began a thorough laundering process to conceal and cash out,” the report added.
A United Nations panel that monitors sanctions against North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
North Korea is not responding to media inquiries, but has previously issued statements denying the hacking allegations.
Last year, the United States accused three North Korean computer programmers working for the country’s intelligence service of a massive year-long hacking spree aimed at stealing more than $1.3 billion in cash and in cryptocurrency, affecting companies ranging from banks to Hollywood movie studios.
Chainalysis did not identify all of the targets for the hacks, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to some of the cryptocurrency wallets it managed.
Attackers used phishing lures, code exploits, malware and advanced social engineering to divert funds from these organizations’ internet-connected “hot” wallets to addresses controlled by North Korea, according to the report.
Most of the attacks over the past year were likely carried out by the Lazarus Group, a US-sanctioned hacking group that claims to be controlled by the Reconnaissance General Bureau, North Korea’s main intelligence office.
The group has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyberattacks on Sony Pictures Entertainment.
North Korea also appeared to be stepping up its efforts to launder stolen cryptocurrency, dramatically increasing its use of mixers, or software tools that aggregate and scramble cryptocurrencies from thousands of addresses, Chainalysis said.
The report says researchers identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning the period 2017-2021.
The report says it’s unclear why the hackers would still be sitting on those funds, but says they could be hoping to outwit law enforcement interests before cashing in.
“Whatever the reason, the length of time (North Korea) is willing to hold on to these funds is illuminating, as it suggests a prudent, not desperate, hasty plan,” Chainalysis concluded.