A report by blockchain analysis firm Chainalysis has stated that North Korea was behind at least seven attacks on different cryptocurrency exchanges, resulting in nearly $400 million worth of digital assets being stolen. Attacks linked with North Korean hackers jumped from four to seven in 2021.
Nearly $400 Million Stolen Last Year
With nearly $400 million worth of crypto assets stolen, 2020 was among the most successful years for the notorious North Korea-based hackers. The report by Chainalysis, which was released on Thursday, stated,
“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40 percent. Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out.”
Funding Pyongyang’s Nuclear Ambition?
The United Nations, which has set up an expert panel to monitor sanctions imposed on North Korea, has accused the country of using the stolen funds to support its nuclear and ballistic missile programs in an attempt to circumvent sanctions. It should be remembered that North Korea is under a host of sanctions for pursuing its nuclear program.
North Korea has a policy of not responding to any media queries but has denied allegations of hacking leveled against it on several previous occasions. Last year, the United States government brought charges against three North Korean computer programmers for a major hacking spree that reportedly stole over $1.3 billion in fiat and crypto, with their targets ranging from banks to movie studios.
A Broad List of Targets
While Chainalysis did not or could not identify all the targets of the hacking attempts, it stated that the targets of the hackers were primarily centralized exchanges and investment firms. Liquid.com was one such target, which back in September had stated that some of the cryptocurrency wallets under its management had been compromised.
The hackers mostly use tried and tested methods such as code exploits, malware, phishing, and social engineering to siphon funds from the organizations to wallet addresses controlled by North Korea.
The Lazarus Group
The group behind the spate of attacks over the past year is the Lazarus Group, which claims to be controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. This is the same group thought to be behind the infamous “WannaCry” ransomware attacks, the 2014 cyberattack on Sony Pictures, and the hacking of several international banks and their customer groups.
Stepping Up Laundering Efforts
North Korea has also significantly stepped up its efforts to launder the cryptocurrency it has stolen, with Chainalysis stating that there has been a significant uptick in the use of software tools that pool and scramble cryptocurrencies from thousands of addresses. Chainalysis also identified $170 million of unlaundered cryptocurrency holdings, which it traced to 49 separate hacks that took place between 2017 and 2021.
While it is unclear why the funds are still lying around with the hackers, it is speculated that they are looking to outwit law enforcement before they make any attempt to cash out. Chainalysis stated in its report,
“Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating because it suggests a careful plan, not a desperate and hasty one.”
North Korea Behind Crypto Heists Worth $1.7 Billion
South Korean media outlets have reported that hackers based in North Korea are directly responsible for the theft of more than $1.7 billion from various crypto exchanges. The reports stated that the tokens were stolen as a “long-term” haul and not for short-term cash flow. The Justice Department had accused three North Korean military intelligence officials of being the perpetrators of the attacks.