
North Korean hackers stole $400M from digital currency platforms: Chainalysis

A new report has revealed that North Korean hackers had yet another prolific year in 2021 stealing digital currencies across the globe. The report by Chainalysis says that these hackers launched at least seven attacks last year, stealing close to $400 million, and then laundering the proceeds through an intricate web of decentralized exchanges and mixers.

For years, North Korea has been linked to massive global hacks and malware campaigns. However, in the past few years, these hackers have reportedly developed an affinity for digital currencies. As far back as 2016, hackers linked to North Korea have been responsible for some of the biggest hacks in the industry.

In 2021, the hackers were at it again, Chainalysis reports. The New York-based blockchain analytics firm found that they launched at least seven attacks on digital currency firms. 

One of these was on Liquid, a Japanese exchange that fell victim to an attack on August 19, 2021. The attackers stole 67 different ERC-20 tokens along with BTC and Ether worth $91 million. Chainalysis found that they quickly converted the tokens to Ether and later to BTC before cashing out the stash.

North Korean hackers rely on diverse methods to infiltrate their victims’ systems, including code exploits, phishing lures, malware, and advanced social engineering. This use of complex, sustained tactics has earned the hackers the label of advanced persistent threats (APTs).

And while the country is home to a sizable number of hacking groups, APT 38, also known as Lazarus Group, is its most notorious by far. The group reportedly enjoys state backing and is allegedly led by the Reconnaissance General Bureau, the primary intelligence agency of North Korea, which has been sanctioned by the United Nations and the United States.

According to Chainalysis, Lazarus was largely responsible for most of the attacks conducted from North Korea. Since 2018, the group has stolen and laundered over $200 million each year. Their most successful hacks were on KuCoin and an unidentified exchange, with each seeing over $250 million stolen. 

After two years of consistent drops in digital currencies stolen, North Korean hackers again saw an uptick in 2021, recording a 40% rise in the value of the stolen assets.

Chart: North Korean hacking activity (source: Chainalysis)

2021 also saw the hackers move away from BTC, which accounted for 20% of the stolen assets, the lowest ever. ERC-20 tokens accounted for 22% of the assets, with Ether taking the lion’s share at 58%, its highest proportion ever. 

This comes at a time when DeFi has seen a surge, with Ethereum spearheading this industry. DeFi platforms are notorious for having poor security and have been the targets of several hacks over the past year. And when it’s not the hackers stealing the digital assets, the developers are rug pulling and taking off with their investors’ funds.

Once the North Korean attackers steal the funds, they convert them to Ether via decentralized exchanges (DEXes). They then send the Ether to mixers to obfuscate the source, swap it for BTC and then send it to mixers once again. The BTC is then sent to Asian crypto-to-fiat exchanges where the hackers cash out.

In 2021, 65% of the stolen funds were sent to mixers, up from 42% in 2020 and 21% in 2019. This suggests that the attackers are taking a more cautious approach with each passing year.
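The laundering chain described above (stolen tokens swapped for Ether on a DEX, sent through a mixer, swapped for BTC, mixed again, then cashed out at an exchange) is the kind of flow that blockchain analytics firms trace by propagating "taint" from a theft address through subsequent transfers. The following is an added illustration, not Chainalysis's methodology or any code from the article: it uses a small constructed set of transfers and constructed address labels, splits tainted funds pro rata at each hop, reports the share of stolen funds that touched a mixer, and flags paths whose hop categories match the DEX, mixer, DEX, mixer, exchange sequence. All addresses, amounts and labels are constructed for the example.

```python
"""Pro-rata taint tracing over a constructed transfer set.

Example code added to illustrate the laundering pattern described in the article;
not Chainalysis's own method. Addresses, amounts and category labels are constructed.
"""
from collections import defaultdict

# Hop categories, in order, that the article attributes to the laundering chain.
LAUNDERING_PATTERN = ("dex", "mixer", "dex", "mixer", "exchange")

# Constructed address-category labels (a real analysis would draw these from an
# attribution dataset of known DEX contracts, mixers and exchange deposit addresses).
LABELS = {
    "0xTHEFT": "theft",
    "0xDEX_A": "dex",
    "0xMIX_A": "mixer",
    "0xDEX_B": "dex",
    "0xMIX_B": "mixer",
    "0xEXCH_A": "exchange",
    "0xWALLET_1": "unknown",
}

# Constructed transfers: (from, to, amount), amounts in arbitrary USD-equivalent units.
# 65 of 100 units follow the full DEX -> mixer -> DEX -> mixer -> exchange route.
TRANSFERS = [
    ("0xTHEFT", "0xDEX_A", 100.0),
    ("0xDEX_A", "0xMIX_A", 65.0),
    ("0xDEX_A", "0xWALLET_1", 35.0),
    ("0xMIX_A", "0xDEX_B", 65.0),
    ("0xDEX_B", "0xMIX_B", 65.0),
    ("0xMIX_B", "0xEXCH_A", 65.0),
]


def build_graph(transfers):
    """Adjacency list: address -> list of (destination, amount)."""
    out = defaultdict(list)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
    return out


def trace_paths(start, transfers, labels, initial_amount):
    """Enumerate flow paths from `start`, attributing tainted funds pro rata.

    At every hop the tainted amount is split across the address's outgoing
    transfers in proportion to their size (a simple pro-rata heuristic; real
    tools use several attribution rules). Returns a list of
    (category_sequence, amount) tuples, one per terminal path.
    """
    out = build_graph(transfers)
    paths = []

    def walk(addr, amount, cats, visited):
        edges = out.get(addr, [])
        total_out = sum(a for _, a in edges)
        if not edges or total_out <= 0:
            paths.append((tuple(cats), amount))   # terminal address: no onward flow
            return
        for dst, amt in edges:
            if dst in visited:                    # skip transfers that loop back
                continue
            walk(dst, amount * amt / total_out,
                 cats + [labels.get(dst, "unknown")], visited | {dst})

    walk(start, initial_amount, [], {start})
    return paths


def is_subsequence(pattern, seq):
    """True if every element of `pattern` appears in `seq` in order (gaps allowed)."""
    it = iter(seq)
    return all(any(c == p for c in it) for p in pattern)


def mixer_share(paths, initial_amount):
    """Fraction of the initial amount that passed through at least one mixer."""
    touched = sum(amt for cats, amt in paths if "mixer" in cats)
    return touched / initial_amount


def flag_pattern_paths(paths, pattern=LAUNDERING_PATTERN):
    """Paths whose hop categories contain the laundering sequence in order."""
    return [(cats, amt) for cats, amt in paths if is_subsequence(pattern, cats)]


if __name__ == "__main__":
    found = trace_paths("0xTHEFT", TRANSFERS, LABELS, 100.0)
    print(f"share of stolen funds reaching a mixer: {mixer_share(found, 100.0):.0%}")
    for cats, amt in flag_pattern_paths(found):
        print("pattern match:", " -> ".join(cats), f"({amt:.1f} units)")
```

The pro-rata split is the simplest attribution rule; analytics vendors also use first-in-first-out and "poison" (any tainted input taints the whole output) rules, and the choice changes the percentages reported. The constructed data here is sized so that the mixer share comes out at 65%, matching the figure quoted above, only to make the output easy to check.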

Meanwhile, cybersecurity firm Kaspersky has identified North Korean hackers as being behind a growing malware campaign. The APT group labeled BlueNoroff started off attacking banks and other financial institutions before settling on digital assets.

The hackers attack strategically, taking their time to snoop on internal communications or even setting up a legitimate-looking software company. Once they get enough information, they send a harmless-looking email or message on social media platforms to high-ranking executives at digital currency firms and exchanges. Once they get into the system, they drain the wallets and take off without a trace.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple, Ethereum, FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.
