North Korean cyber-criminals stole nearly $400m worth of cryptocurrency in 2021, according to a new report by blockchain analysis firm Chainalysis.
The researchers said hackers from the rogue state extracted the funds following at least seven attacks on cryptocurrency platforms, primarily targeting investment firms and centralized exchanges. This represents a significant rise from four hacks recorded in 2020, with the value extracted from heists in 2021 up by 40%.
According to the study, the attackers used various techniques to siphon the funds out of the victims’ internet-connected “hot” wallets into Democratic People’s Republic of Korea (DPRK)-controlled addresses. These included phishing lures, code exploits, malware and advanced social engineering.
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” stated the report.
The researchers added that it is likely many of these hacks were carried out by the notorious Lazarus Group (APT 38), which is led by North Korea’s main intelligence agency, the Reconnaissance General Bureau. Lazarus has been blamed for high-profile attacks in recent years, including WannaCry. However, the authors observed that since 2018, the group has focused its efforts on cryptocurrency crime, “a strategy that has proven immensely profitable.”
Indeed, North Korean hackers have been linked to a number of major crypto heists in recent years, and a report last year by Venafi found that cybercrime is now the primary means by which the authoritarian state is funded.
Interestingly, the report noted that Bitcoin represented just 20% of the stolen funds last year, with Ether accounting for the majority (58%) and ERC-20 tokens or altcoins making up 22%.
Chainalysis also revealed that it has identified $170m worth of stolen cryptocurrency, controlled by the East Asian state, that has yet to be laundered. These funds are the result of separate hacks spanning from 2017 to 2021.
Commenting, Erich Kron, security awareness advocate at KnowBe4, said: “Cryptocurrency is a heavily targeted sector when it comes to cybercrime due to the decentralized nature of the currencies and the fact that, unlike with credit card or bank transfers, the transaction happens quickly and is impossible to reverse. Nation-states, especially those under strict tariffs or other financial restrictions, can benefit greatly by stealing and manipulating cryptocurrency. Many times, a cryptocurrency wallet can contain multiple types of cryptocurrency, making them a very appealing target.”