Wednesday, May 29, 2024

Report: In 2021 North Korea Hacked Nearly $400M in Crypto

North Korean hackers launched at least seven attacks on cryptocurrency platforms last year to steal almost $400 million worth of digital assets, according to a report by blockchain analysis firm Chainalysis. 

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” the report said.  

The attacks primarily targeted investment firms and centralized exchanges. 

The report stated that the hackers siphoned the funds from the organizations’ internet-connected “hot wallets” into DPRK-controlled addresses by using complex tactics including phishing lures, code exploits, malware, and advanced social engineering.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report said.  

In 2021, Ethereum and Bitcoin accounted for 58% and 20% of the funds, respectively; 22% came from ERC-20 tokens or altcoins. 

The report also said, citing the United Nations Security Council, North Korea used the money by hacks to support its weapons of mass destruction (WMD) and ballistic missile-related programs. 

As per the analysis report, the Lazarus Group — a hacking group that is part of North Korea’s primary intelligence agency, the Reconnaissance General Bureau — is suspected of carrying out the attacks. The Lazarus Group has previously been accused of the cyberattack on Sony Pictures Entertainment and WannaCry

More than 65% of North Korea’s stolen funds were laundered through mixers — software tools that pool and scramble digital assets from thousands of addresses. 

North Korea also owns unlaundered crypto funds, which are believed to be worth $170 million, from 49 separate hacks spanning from 2017 to 2021. 

Recommended:  Atlassian Patches critical Confluence hardcoded credentials flaw

“It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched. Whatever the reason may be, the length of time that DPRK is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” the report said. 

Read the full report
Return to Cybersecurity News

You may enjoy reading,

ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates