Best Cryptocurrency Exchange Fees

North Korean Hackers Stole $400M in Cryptocurrency Last Year

North Korean Hackers Stole $400M in Cryptocurrency Last Year
Written by publisher team

North Korean hackers stole at least $400 million in cryptocurrency last year, according to an analysis of blockchain activity.

This estimate comes from Chainalysis, a company that specializes in tracking cryptocurrency transactions. The company has also worked with law enforcement to go after suspected cybercriminals, and today published a report documenting the theft of cryptocurrency from a North Korean state-sponsored hacking group called Lazarus.

“North Korea’s cybercriminals had a big year in 2021, launching at least seven attacks on cryptocurrency platforms that extracted nearly $400 million in digital assets last year,” said Chainalysis.

Lazarus is perhaps best known for allegedly conducting the 2014 Sony Pictures hack, and the spread of the WannaCry ransomware in 2017. Since then, the group has also been spotted stealing hundreds of millions of cryptocurrencies, often from virtual exchanges and investment firms. The goal is to fund the North Korean government and nuclear weapons programs, according to the United Nations.

“From 2020 to 2021, the number of North Korea-related hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” said Chainalysis. One of the hacks involved crypto exchange Liquid.com, which lost $91.5 million to the group.

A Chainalysis report found that only 20% of the funds stolen by North Koreans last year consisted of Bitcoin. The majority, at 58%, was from Ether, while the rest spanned both altcoins and ERC-20 tokens.

Then North Korean hackers laundered the loot by “mixing” the funds through thousands of cryptocurrency addresses to disguise its provenance. Once the stampede, the funds were transferred to Bitcoin, which can be exchanged for cash on cryptocurrency exchanges in Asia.

By tracking the group’s thefts, Chainalysis said it also exposed several cryptocurrency wallets used by North Korean hackers to store wealth. “Chainalysis has identified $170 million in current balances — representing funds stolen for 49 separate hacks spanning from 2017 to 2021 — that are controlled by North Korea but not yet laundered through the services,” the company said.

Chainalysis Chart

“It’s unclear why hackers continue to get this money, but they may be hoping that law enforcement’s interest in the cases will fade, so they can cash the cash unattended,” Chainalysis added.

Recommended by our editors

On Thursday, security firm Kaspersky also warned that North Korean hackers were busy trying to steal from various companies that work with cryptocurrencies. To do this, North Korean hackers were impersonating venture capital firms and sending emails containing malware to potential victims.

“In some cases, representatives used the hacked account of an employee of a venture capital firm to chat with the target,” the antivirus provider said. Kaspersky researchers have discovered more than 15 investment companies whose brand names and employee names were misused during the campaign.

The North Korean hackers then used the malware to spy on the victim’s computers before orchestrating a method to steal funds from their crypto wallets. This included replacing browser extensions capable of managing cryptocurrency wallets with malicious ones.

“When the hacked user tries to transfer funds to another account, the attackers intercept the transaction process and inject their own (computer) logic, change the recipient address and increase the transaction amount, draining the account in one shot,” Kaspersky said.

Like what you read?

sign for security monitoring A newsletter of our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your acceptance of our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

About the author

publisher team