North Korean hackers took off with at least $400 million worth of digital assets in at least seven online heists on cryptocurrency platforms last year, according to a new report by Chainalysis.
The investigation found that 2021 was one of the most successful years on record for cyber-criminals in the so-called “Hermit Kingdom” with the value of stolen cryptocurrency rising by 40 percent from 2020 to 2021. Up to 58 percent of the stolen cryptocurrency was Ether, while Bitcoin made up just 20 percent of the loot. The remaining 22 percent was altcoins or ERC-20 tokens, blockchain-based assets that run on the Ethereum platform.
The targets were primarily investment firms and centralized exchanges. Using a sophisticated arsenal of phishing lures, code exploits, malware, and advanced social engineering to sneak out cryptocurrency from the organizations’ online wallets into addresses linked to the Democratic People’s Republic of Korea (DPRK). Once the funds were secured, they were converted into other cryptocurrencies and mixed into other wallets in an attempt to cover their tracks. Eventually, the laundered cryptocurrency is converted into “conventional” cash using crypto-to-fiat exchanges based in Asia.
The precise identity of the hackers isn’t known, but Chainalysis believes many of the recent attacks were carried out by the Lazarus Group, a cybercrime collection with strong links to the North Korean government of Kim Jong-un, according to US intelligence. The Lazarus Group is thought to have emerged around 2010, but they gained public notoriety when they hacked Sony Pictures Entertainment in 2014. The hackers stole personal information about Sony Pictures employees and demanded the Sony film studio withdraw its upcoming film The Interview, a 2014 comedy starring James Franco and Seth Rogen about a plot to assassinate Kim Jong-un.
The Chainalysis investigation found that North Korea is currently holding a vast amount of cryptocurrency, currently valued at around $170 million. It's not clear why they are sitting on the money, but the report author suggests it shows that this is not merely a rushed heist by rogue criminals, but a calm and calculated program that's being carried out with confidence.
“These behaviors, put together, paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale. Systematic and sophisticated, North Korea’s government – be it through the Lazarus Group or its other criminal syndicates – has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021,” Chainalysis said in a blog post.
Wracked by heavy international sanctions, the DPRK is increasingly looking towards cryptocurrency as a way of funding its costly nuclear and missile development programs. In 2021, a panel of experts told the UN Security Council that North Korea amassed some $316.4 million in cryptocurrency hacks from 2019 to November 2020, some of which would go towards their developing nuclear weapons and ballistic missiles.
It will be an unbelievably complicated task to work out where the funds from last year's heists will end up, but it's unlikely to be spent on NFTs.