The Korea Herald


N. Korean hackers steal $1b in crypto from DeFi protocols this year: report

Cryptocurrency theft by N. Korea accounts for more than half of losses

By Ji Da-gyum

Published : Aug. 17, 2022 - 17:53

North Korea-affiliated hacking groups stole around $1 billion worth of cryptocurrency just from decentralized-finance protocols in the first seven months of this year, a US blockchain analysis firm said Tuesday.

Cryptocurrency theft by North Korean hackers accounted for more than 50 percent of the total losses arising from cryptocurrency hacks, according to an online report released by blockchain data platform Chainalysis.

Cryptocurrency stolen in hacks of various services amounted to $1.9 billion through July this year, marking a nearly 60 percent increase from the same point in 2021. A total of $1.2 billion in cryptocurrency was stolen in the same period last year.

“This trend doesn’t appear set to reverse any time soon, with a $190 million hack of cross-chain bridge Nomad and $5 million hack of several Solana wallets already occurring in the first week of August,” New York-headquartered Chainalysis said.

North Korean state-sponsored hacking groups’ focus on targeting decentralized finance, or DeFi, protocols was pointed to as the major reason for the surge in cryptocurrency theft this year.

DeFi protocols have also become an easy target of North Korea’s state-sponsored hacking groups, including the US-sanctioned Lazarus Group, Chainalysis reported, adding that a stunning increase in funds stolen from DeFi protocols began in 2021.

“Furthermore, much of the value stolen from DeFi protocols can be attributed to bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group,” it said in the report. “We estimate that so far in 2022, North Korea-affiliated groups have stolen approximately $1 billion of cryptocurrency from DeFi protocols.”

DeFi is an emerging financial technology that allows users to privately exchange cryptocurrencies with one another without a centralized intermediary or involving order books on public blockchains.

Protocols, widely known as standardized codes, are used to create decentralized applications and smart contracts to enable online peer-to-peer financial transactions. But Chainalysis pointed out that DeFi protocols are “uniquely vulnerable to hacking” as they use open source code that can be studied and exploited by cybercriminals.

For instance, hackers can steal cryptocurrency from DeFi protocols via a flash loan attack. Flash loan attackers can manipulate cryptocurrency prices by exploiting faulty code.

London-based blockchain analytics firm Elliptic in June said that North Korea’s state-sponsored Lazarus Group has shifted focus to attacking decentralized finance platforms such as blockchain bridges.

Elliptic also revealed that Lazarus Group was believed to be behind the $100 million cryptocurrency theft from Harmony’s blockchain bridge service, called Horizon Bridge.

The US government has blamed Lazarus Group for stealing $625 million from Axie Infinity’s proprietary Ronin blockchain bridge in March, the largest known virtual currency heist to date.

“Additionally, we shouldn’t expect theft to drop based on cryptocurrency market movements the way scamming does — as long as crypto assets held in DeFi protocol pools and other services have value and are vulnerable, bad actors will try to steal them,” Chainalysis said.

“The only way to stop them is for the industry to shore up security and educate consumers on how to find safe projects to invest in.”