North Korean hackers stole a record-breaking amount of cryptocurrency last year

Written by publisher team

North Korean hackers stole nearly $400 million in cryptocurrency in 2021 through at least seven attacks, most of it in Ether (ETH) rather than Bitcoin, according to blockchain analysis firm Chainalysis.

2021 was a record year for North Korean military hackers, the most famous of which is Lazarus, the group behind the devastating wiper attack on Sony Pictures Entertainment in 2014, the WannaCry ransomware in 2017, attacks on multiple banks via the SWIFT banking system, and attacks on several cryptocurrency exchanges.

Also known as APT 38, the group has focused on cryptocurrency theft as a key tool to increase revenue for the country and evade US and UN economic sanctions. A team of United Nations experts concluded in 2018 that cryptocurrency hacking contributes to North Korea’s ballistic missile programs.

The group relies on tactics common to other state hacking groups and cybercriminals, including social engineering, phishing, and software exploits.

“From 2020 to 2021, the number of North Korean-related hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” Chainalysis said in its report.

Attacks by North Korean hackers in 2021 mostly targeted investment firms and centralized cryptocurrency exchanges, according to Chainalysis. The groups used social engineering to move money from the targets’ wallets to addresses controlled by North Korea. The money was then laundered and cashed out.

Last year, 68% of the money stolen by North Korean hackers was Ether, which replaced Bitcoin as the primary cryptocurrency. However, Bitcoin still plays a major role in laundering stolen Ether through decentralized exchanges before it is consolidated into new wallets and then cashed out.

A cryptocurrency mixer, or “tumbler,” splits a user’s funds into small amounts and mixes them with other users’ transactions before sending an equivalent value to a new address. The US filed the first money-laundering charges against a US Bitcoin mixing service in 2020.

The report notes that “the DPRK systematically launders money, and their use of multiple mixers…is a calculated attempt to hide their illegally obtained crypto assets while converting them into legal currencies.”

North Korea also has about $170 million in crypto holdings from 49 attacks that have yet to be laundered through the mixers. Of these, $55 million came from the 2016 attacks, while $35 million came from the 2020 and 2021 attacks.

Chainalysis notes that $97 million stolen from crypto wallets operated by Japanese crypto exchange Liquid.com in August was transferred to addresses controlled by a party acting on behalf of the DPRK, resulting in the laundering of $91.35 million.

North Korean hacking of cryptocurrency exchanges is well documented by the US Cybersecurity and Infrastructure Security Agency (CISA). The US government’s blanket term for hacking activity by the country is HIDDEN COBRA.

A February 2021 report from CISA details North Korean hackers’ work in connection with the AppleJeus malware, which has targeted Windows and Mac systems worldwide by posing as a legitimate cryptocurrency trading platform.