TRM Labs Report: Groups Tied to North Korea Stole $600 Million in Crypto in 2023

Table of Contents

• $3 Billion in Crypto Lost to North Korean Hackers Since 2017
• Nearly All Hacks Compromised Private Keys and Seed Phrases
• Hacking Continues Despite Advances in Cybersecurity
• Losses Due to Crypto Hacks Down 51% in 2023

Blockchain intelligence firm TRM Labs revealed North Korean hackers account for 33% of all crypto stolen through hacks in 2023. According to TRM’s report, North Korean hackers stole $600 million in crypto during that time.  

North Korean hackers were responsible for $600 million stolen in crypto in 2023, translating into roughly 33%. 

$3 Billion in Crypto Lost to North Korean Hackers Since 2017

According to a recent report by blockchain intelligence firm TRM Labs, groups tied to the Democratic People’s Republic of Korea (DPRK) accounted for an estimated 33% of all crypto stolen through hacks in 2023. The report reveals $600 million lost in crypto is confirmed to be North Korean hacking groups. If confirmed, additional hacks carried out in the last couple of days of 2023 would push the total loss to around $700 million. 

TRM Labs reports that Pyongyang-links actors have stolen nearly $3 billion worth of crypto since 2017.

Source: TRM Labs

The report also states that hacks committed by the DPRK were, on average, ten times more devastating than those not associated with North Korea. 

Nearly All Hacks Compromised Private Keys and Seed Phrases

The blockchain intelligence firm reports the DPRK's money laundering efforts are evolving to “evade international law enforcement pressure.” TRM’s research reveals North Korea conducts almost all of its hacks by compromising private keys and seed phrases. The report explains hackers transfer victims’ digital assets to wallet addresses controlled by North Korean groups. The perpetrators proceed to swap the assets for mostly Tron of USDT and then convert them to fiat currency using OTC brokers. 

TRM Labs reveals how the hackers continue their activities despite sanctions and enforcement actions.

“As US sanctions and enforcement actions targeted Tornado Cash and ChipMixer – its previous go-to obfuscation platforms – North Korea pivoted to another mixer it had already begun using, the BTC service Sinbad. After Sinbad was sanctioned by OFAC in November 2023, North Korea continued exploring other laundering tools,” TRM Labs said. 

Findings from Elliptic Enterprises revealed hackers affiliated with the North Korean government turned to using a new crypto mixer to launder stolen digital assets after “Blender” was sanctioned for aiding Lazarus Group. It is believed Blender re-launched as “Sinbad.” Lazarus was responsible for some of the most prolific 2023 hacks, including CoinEx’s $55 million exploit.

Hacking Continues Despite Advances in Cybersecurity

According to TRM Labs, North Korea stole over $1.5 billion in the past two years. The firm explained:

“…North Korea’s hacking prowess demands continuous vigilance and innovation from business and governments. Despite notable advancements in cybersecurity among exchanges and increased international collaboration in tracking and recovering stolen funds, 2024 is likely to see further disruption from the world’s most prolific cyber-thief.”  

In 2022, North Korea accounted for a third of crypto cyber losses, most notably through the Lazarus Group. A report by the Council on Foreign Relations revealed over $1 billion was lost from the crypto sector in 2022 through North Korean hacking syndicates. 

Losses Due to Crypto Hacks Down 51% in 2023

Despite North Korea’s continued crypto exploit efforts, blockchain security firm CertiK found that crypto losses due to hacks were down 51% in 2023 compared to 2022. In its annual report, CertiK reveals that $1.8 billion in crypto assets were lost across 751 security breaches in 2023. 2022 saw a staggering $3.7 billion in crypto losses due to hacks, scams and exploits. CertiK’s report indicates private key compromises were the most costly attack vector.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.