North Korea Hacked Nearly $400M in Cryptocurrency Last Year

According to a report by blockchain analysis firm Chainalysis, North Korean hackers attempted at least seven attacks against cryptocurrency platforms last year, stealing about $400 million in digital assets. “From 2020 to 2021, the number of North Korean-linked hacks increased by 40%, with the value taken from these hacks increasing by four,” according to the research.

Investment firms and centralized exchanges were the primary targets of the attacks. According to the study, the hackers used complex tactics such as phishing lures, code exploits, malware, and clever social engineering to drain funds from the companies’ internet-connected “hot wallets” into DPRK-controlled addresses.

“Once North Korea had possession of the funds, they launched a meticulous laundering operation to conceal and payout,” according to the study. Ethereum and Bitcoin accounted for 58 percent and 20 percent of the funds in 2021, respectively; ERC-20 tokens or altcoins accounted for 22 percent.

According to the study, which cites the UN Security Council, North Korea used the money obtained through hacking to support its weapons of mass destruction (WMD) and ballistic missile-related activities. According to the analytical report, the Lazarus Group, a hacker group that is part of North Korea’s premier intelligence agency, the Reconnaissance General Bureau, carried out the attacks. The Lazarus Group has previously been blamed for the Sony Pictures Entertainment and WannaCry cyberattacks. More than 65% of North Korea’s stolen funds were laundered through mixers, software tools that pool and scramble digital assets from thousands of addresses.

North Korea also holds unlaundered crypto funds, believed to be worth $170 million, from 49 separate hacks spanning 2017 to 2021. “It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched. Whatever the reason may be, the length of time that the DPRK is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” the report said.