The Korea Herald


NK hackers stole $400m in cryptocurrency last year: report

By Ahn Sung-mi

Published : March 20, 2022 - 15:42

Cryptocurrency (123rf)
North Korean hackers launched at least seven attacks on cryptocurrency platforms last year and stole nearly $400 million worth of digital assets, according to a blockchain data firm report submitted to the US Senate.

The heist marked a 40 percent increase from 2020, when the hackers stole about $300 million, according to Jonathan Levin, co-founder of Chainalysis, in written testimony submitted to the Senate Committee on Banking, Housing and Urban Affairs for a hearing on digital assets and illicit finance on Thursday in the US.

He said that the attacks targeted primarily investment firms and exchanges, deploying techniques such as phishing lures, code exploits and malware to siphon funds out from the organizations’ “hot” wallets and then move them into North Korea-controlled addresses.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” he said.

In the testimony, he noted that many of last year’s attacks were carried out by the Lazarus Group, a hacking group led by the North’s primary intelligence bureau, the Reconnaissance General Bureau, which the US has imposed sanctions against.

The Lazarus Group, which was accused of orchestrating the notorious Sony Pictures hack in 2014 and the WannaCry attack in 2017, in recent years has concentrated its efforts on digital asset crime -- a strategy that has proven immensely profitable, it added.

“From 2018 on, the group has stolen and laundered massive sums of virtual currencies every year, typically in excess of $200 million,” it said.

The revenue generated from these hacks goes to support North Korea’s weapons of mass destruction and ballistic missile programs, the report said, citing the UN Security Council.

North Korea appears to be looking into digital money laundering to evade international sanctions on the regime, with the United Nations panel of experts monitoring sanctions on Pyongyang having said early this year that “cyberattacks, particularly on cryptocurrency assets, remain an important revenue source” for the regime.

The North Korean hackers targeted a diverse variety of cryptocurrencies last year, with ethereum accounting for 58 percent of the funds stolen, and bitcoin at 20 percent, whereas 22 percent were either ERC-20 tokens or altcoins, according to Chainalysis.

Levin said that more than 65 percent of the North’s stolen funds were laundered through so-called mixers -- “software tools that pool and scramble digital assets from thousands of addresses” -- in an attempt to obscure the money’s origin.