North Korean hackers stole $3 billion in crypto in six years


Hackers backed by the rogue state of North Korea have helped themselves – and Pyongyang – to an estimated $3 billion by targeting the cryptocurrency industry over the last six years.

Operations by Kimsuky, Andariel, Lazarus Group, and other North Korean hacking collectives were behind 44% of all stolen cryptocurrency throughout last year alone, a new report by Recorded Future’s Insikt Group said.

That’s around $1.7 billion in cryptocurrency, equivalent to 5% of the country's economy or 45% of its military budget.

And over the last six years, they’ve stolen billions more. “Since 2017, North Korea has significantly increased its focus on the cryptocurrency industry, stealing an estimated $3 billion worth of cryptocurrency,” said the report.

Initially successful in stealing from financial institutions through the hijacking of the SWIFT network, North Korea shifted its attention to cryptocurrency during the 2017 bubble, starting with the South Korean market and later expanding globally.

Targets include not only cryptocurrency exchanges but also individual users, venture capital firms, and alternative technologies, Recorded Future said (PDF).

Stolen cryptocurrency is often converted into fiat currency, and North Korean threat actors use various methods, including stolen identities and altered photos, to evade anti-money laundering measures.

Cryptocurrency theft has been a major revenue source for the regime, particularly for funding military and weapons programs. While the exact amount used for ballistic missile launches is unclear, both the volume of stolen cryptocurrency and missile launches have risen, said the report.

Recorded Future also reported that anyone who is a victim of an intrusion linked to a North Korean threat group may have their personally identifiable information used to set up accounts to facilitate the laundering of stolen cryptocurrency.

And since most such intrusions start with social engineering and a phishing campaign, organizations should train their employees to monitor for this activity and implement strong multi-factor authentication measures.

North Korea allegedly has 6,000 hackers and uses them for financial gain, as well as intelligence gathering, the US Federal Bureau of Investigation said earlier in the year.