North Korean hackers have been a persistent threat to the cryptocurrency ecosystem, stealing an estimated $2 billion in crypto over the past five years. A recent report from blockchain intelligence firm TRM Labs highlights their activities. In 2023 alone, North Korea has stolen around $200 million, constituting 20% of this year’s total stolen funds.
These North Korean cyberattacks are notably larger than those by other malicious actors. They have targeted the decentralized finance (DeFi) ecosystem, particularly focusing on cross-chain bridges that handle substantial cryptocurrency transfers. Notable incidents include the Axie Infinity Ronin Bridge hack, which resulted in $650 million stolen, and a cumulative $800 million stolen in three separate attacks in 2022.
The hackers employ various methods, such as phishing and supply chain attacks, which involve compromising private keys and seed phrases. To evade detection, North Korean hackers have become more sophisticated in on-chain laundering techniques. They have moved away from relying solely on cryptocurrency exchanges for cashing out stolen crypto and have adopted intricate “multi-stage money laundering processes.”
These adaptations in their tactics are responses to sanctions, law enforcement efforts, and advancements in blockchain tracing tools. An ideal example is the 2023 Atomic Wallet hack, where $100 million was stolen from 4,100 addresses. This incident likely involved phishing or supply chain attacks. The stolen funds were drained from wallets across different blockchains (Ethereum, Tron, Bitcoin, XRP, Dogecoin, Stellar, and Litecoin), then laundered by swapping ERC-20 and TRC-20 tokens to Ether and Tron through decentralized exchanges.
Earlier, in response to these exploits by North Korean hackers, the United Nations issued a concerning report about North Korea’s involvement in cryptocurrency-related crimes. In 2022, hackers from North Korea reportedly stole approximately $1 billion in cryptocurrency, more than double the amount stolen in the previous year. The report estimates the total value of North Korea’s theft to range from $630 million to over $1 billion, surpassing the amount stolen in 2021.
In a recent report by Todayq News on July 21, 2023, North Korean hackers (referred to as Labyrinth Chollima) once again exploited a cloud service (JumpCloud) to steal funds from cryptocurrency firms. The attack targeted multiple companies, aligning with the hackers’ history of focusing on the cryptocurrency sector. Crowdstrike and JumpCloud are currently conducting investigations, although specific details regarding the stolen amount remain undisclosed.