Cybersecurity Snapshots #26 - North Korean Hackers Are Focusing on Stealing Cryptocurrency

North Korean hackers have been linked to several major crypto heists in recent years, and last year alone they stole nearly $400 million worth of cryptocurrency. One major breach in 2021 was against the Japan-based cryptocurrency exchange Liquid, where North Korean hackers were able to steal over $97 million in cryptoassets. Ethereum tokens made up $45 million of the cryptoassets stolen. In the past five years, North Korean hacker groups stole $1.5 billion in cryptocurrency, not including the unaccounted-for hundreds of millions more that the country has stolen from the traditional financial system. Stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un's totalitarian regime as it seeks to fund itself and its weapons programs, despite the country's heavily sanctioned, isolated, and ailing economy.

According to researchers at Chainalysis, North Korean hacking groups used various techniques to siphon crypto funds out of the victims' internet-connected "hot" wallets into addresses controlled by the Democratic People's Republic of Korea (DPRK). These included phishing lures, code exploits, malware, and advanced social engineering. The researchers stated that once North Korea gained custody of the funds, it began a careful laundering process to cover up and cash out. Many of the hacks observed by the researchers were likely carried out by the notorious Lazarus Group (APT 38), which is led by North Korea's main intelligence agency, the Reconnaissance General Bureau. The researchers stated that since 2018, the group has focused its efforts on cryptocurrency crime.

One reason the North Korean hackers are now focusing on cryptocurrency over other forms of financial crime is no doubt the relative ease of laundering digital cash. After the Lazarus Group's Bangladeshi bank heist, for instance, the North Koreans had to enlist Chinese money launderers to gamble the group's tens of millions at a casino in Manila to prevent investigators from tracking the stolen funds. By contrast, Chainalysis found that the groups have plenty of options to launder their stolen cryptocurrency. The researchers also found that the North Koreans have been remarkably patient in cashing out their stolen crypto, often holding onto the funds for years before beginning the laundering process to help avoid detection. The researchers noted that the hackers appear to still be holding on to $170 million in unlaundered cryptocurrency from previous years' thefts, which they will undoubtedly cash out over time.

In 2021, for the first time since researchers at Chainalysis began tracking North Korean cryptocurrency thefts, Bitcoin no longer represented anywhere near the majority of the country's take, accounting for only around 20 percent of the stolen funds. Fully 58 percent of the groups' cryptocurrency gains came instead in the form of stolen ether, the Ethereum network's currency unit. Another 11 percent, around $40 million, came from stolen ERC-20 tokens, a form of crypto asset used to create smart contracts on the Ethereum blockchain.

Because North Korea's hackers operate under the auspices of the isolated state and are rewarded at home for their thefts abroad, it is very difficult to stop them from stealing more cryptocurrency. Counterstrikes on the country's web infrastructure are limited because North Korea has few connected devices, and its cellphone data network is mainly cut off from the rest of the world. Security researcher Jenny Jun from the Atlantic Council stated that "the fight against North Korea's illicit activities is like a whack-a-mole game, cracking down will lead to displacement rather than cause the regime to stop or focus on legitimate economic activity." Many security researchers believe that until the cryptocurrency industry figures out how to secure itself against hackers and prevent its coins from being laundered and converted into clean bills, North Korea's revenue from stolen cryptocurrency will only continue to grow.