North Korean Hackers Extracted $400m Worth of Digital Assets in 2021
Image courtesy of 123rf.

North Korean Hackers Extracted $400m Worth of Digital Assets in 2021

DPRK’s state-sponsored hacks peaked in 2021, with the total value of digital assets stolen growing by 40%.
Neither the author, Kingsley Alo, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

A new report has revealed the continued growth of North Korean cyberattacks within the crypto industry in 2021. As reported by Chainalysis, the Democratic People’s Republic of Korea (DKPR) sponsored at least seven attacks on cryptocurrency platforms. They were aimed mostly at investment firms and centralized exchanges, resulting in nearly $400 million worth of digital assets being stolen.

The ‘Lazarus Group’ Linked With The Majority of Attacks

The complex techniques used in the hacks have led many security analysts to pinpoint DPRK’s cyber actors as responsible for the attacks. The Lazarus group led by North Korea’s primary intelligence agency, the Reconnaissance General Bureau—a group sanctioned by the US and the UN—is believed to be behind the majority of attacks.

The group’s activities are well detailed, especially from its previous hacks of Sony pictures in 2014 and the Wannacry attack in 2015. Following its successes, the emerging cryptocurrency industry has become its primary focus, and the Lazarus group has continued to succeed.

Since 2018, the gang has stolen and laundered vast sums of virtual currency, generally more than $200 million yearly. Individual hacks on KuCoin and an unnamed cryptocurrency exchange netted more than $250 million.

The UN’s security council alleges that proceeds from these hacks are used to fund North Korea’s WMD and ballistic missile development. Reports suggest that the proceeds from these hacks have thrown a lifeline to North Korea’s ailing economy, which sanctions have hampered. Especially as President Kim Jong Un has shown little interest in returning to negotiations that could lead to sanctions relief for North Korea.

Join our Telegram group and never miss a breaking digital asset story.

Number Of Attacks Rises As Ether Accounts For Majority Of Funds Stolen

The Chainanalysis report shows that the number of North Korean linked hacks grew from 4 to 7 in 2021. Meanwhile, the value of stolen funds stood at $400 million, representing an almost 40% difference within a year.

Source: Chainalysis.

Surprisingly, Bitcoin now accounts for less than 25% of crypto assets stolen by the DPRK in terms of monetary value. This is perhaps because over $10 billion worth of BTC is laundered and used for illicit activities. Ether, the native token of the Ethereum blockchain currently rivaling Bitcoin for supremacy, accounts for 58% of North Korean hacked funds. This is the first time ETH has topped BTC in this unwanted metric. Other altcoins and ERC-20 backed tokens account for 22%, with Bitcoin covering the remaining 20%.

Source: Chainalysis.

The complexities of the hacks and the increased variety of digital assets stolen have caused an increase in the use of mixers. Mixers are tools used to disguise transactions by aggregating cryptocurrency from several users. The mixer service is popular among money launderers for “cleaning” their crypto tokens and throwing investigators off the trail

In 2021, more than 65% of the DPRK’s stolen assets were laundered through mixers, from 42% in 2020 and 21% in 2019. This indicates how careful these hackers are getting with each passing year.

The Crypto Industry is Getting More Resilient

Despite the seemingly high number of hacks, the digital currency space is more resilient to these malicious activities. The intrinsic transparency of many cryptocurrencies provides a viable solution to cybercrime and laundering activities in the space. Compliance teams, criminal investigators, and hack victims can use blockchain analysis tools to track the transfer of stolen cash. These instruments can help seize or freeze stolen assets and hold bad actors accountable for their actions. 

It is important to note that state-sponsored attacks are well funded and usually targeted at centralized platforms. Individual wallets are not the typical targets of their attacks. However, the activities of these cybercriminals paint North Korea as a menacing threat to the entire crypto industry.

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

Do you see DKPR-sponsored hacks reducing in the future as the industry becomes more resilient? Let us know in the comments below.