North Korean hackers stole $600M in crypto in just one year


North Korean hackers continue to be the most prolific in terms of cryptocurrency theft, research finds.

Research by TRM Labs, a blockchain intelligence company, showed that in 2023, hackers linked to the Democratic People’s Republic of Korea (DPRK) stole at least $600 million in cryptocurrency.

The amount could hit a staggering $700 million if reported New Year’s Eve hacks on Orbit Bridge, a decentralized cross-chain protocol, are confirmed to be linked with the rogue state.

Even with a 30% drop from $850 million in 2022, the DPRK was still responsible for almost one-third of all funds stolen in crypto attacks last year. Nearly $3 billion worth of crypto has been lost to North Korean threat actors since 2017.

Evading international law

North Korea has adapted its money laundering techniques to avoid international law enforcement. When US sanctions hit Tornado Cash and ChipMixer, platforms previously favored by cybercriminals, North Korea switched to the BTC service Sinbad. Although Sinbad was itself sanctioned in November 2023, North Korea continues to seek alternative laundering tools.

According to the report, North Korean hackers attack digital wallets by compromising private keys and seed phrases, then transfer the victims’ digital assets to wallet addresses controlled by North Korean operatives.

To hide the stolen funds, the assets are mostly swapped for the USDT stablecoin, controlled by Tether Limited Inc, or the Tron (TRX) cryptocurrency, and then converted to hard currency using high-volume OTC brokers.

State-backed cybercrime

The North Korean regime backs cybercrime. The state allegedly has around 6,000 hackers who operate in over 150 countries. A 2019 UN Security Council report stated that since 2016, North Korea has increasingly relied on hacking to generate income for the country's treasury. Most of the proceeds from these criminal activities are believed to go to the national defense budget, where they fund nuclear and missile testing.

The notorious cybercriminal gang Lazarus, linked to the DPRK, has targeted medical research organizations and the energy sector to gather intelligence. It was also responsible for the JumpCloud breach, for stealing $100m worth of crypto via Harmony's Horizon bridge, and for many other large-scale heists.

