Hackers from North Korea swiped close to $400 million in cryptocurrencies across at least seven cyberattacks that targeted investment firms and centralized exchanges, with 58% being ether and just 20% being bitcoin, according to the latest data in a Chainalysis report. In 2017, bitcoin comprised just about all crypto stolen by North Korean hackers.
The fraudsters made use of phishing lures, code exploits, malware and advanced social engineering to funnel the funds from connected “hot” wallets into addresses controlled by the Democratic People’s Republic of Korea (DPRK). The monies were then laundered and cashed out.
The sophisticated tactics used by the DPRK have led industry security leaders to characterize the hackers as advanced persistent threats (APTs). APT 38, also known as “Lazarus Group,” led by DPRK’s primary intelligence agency, is thought to have engineered most of the attacks in 2021. The value of hacks associated with North Korea rose 40%.
APTs have been rising over the past three years, following the all-time high of over $500 million in crypto stolen in 2018.
With the increasing variety of crypto being stolen, hackers have had to rely on mixers, privacy systems that hide the source and destination of the coins, in order to launder the funds. The use of mixers is up from 42% in 2020 and 21% in 2019, according to the report.
“Chainalysis has identified $170 million in current balances — representing the stolen funds of 49 separate hacks spanning from 2017 to 2021 — that are controlled by North Korea but have yet to be laundered through services,” per the report.
Of DPRK’s total holdings, about $35 million resulted from 2020 and 2021 hacks. Over $55 million in unlaundered funds are from 2016 attacks.
“The inherent transparency of many cryptocurrencies presents a way forward. With blockchain analysis tools, compliance teams, criminal investigators and hack victims can follow the movement of stolen funds, jump on opportunities to freeze or seize assets, and hold bad actors accountable for their crimes,” the report indicated.