North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis

Published at: Jan. 14, 2022

North Korean crypto hackers siphoned off nearly $400 million in crypto through cyber attacks in 2021 according to new data from Chainalysis.

The type of crypto stolen has also seen a sea change according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for nearly all the crypto stolen by the DPRK, but it now accounts for just one fifth:

“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.”

The report stated that attacks in 2021 from North Korea (DPRK) primarily targeted “investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering” to maliciously acquire the funds.

Stolen cryptocurrency is believed to be used by the DPRK to evade economic sanctions and to help fund nuclear weapons and ballistic missile programs, according to a UN Security Council report.

The threat that the DPRK presents to global crypto platforms has become ever-present. Chainalysis now refers to hackers from the Hermit Kingdom, such as Lazarus Group, as advanced persistent threats (APT). These threats have been on the increase over the past three years, following the all-time high of over $500 million in crypto stolen in 2018.

Chainalysis reported that the funds were meticulously laundered. Methods range from chain hopping, the ‘Peel Chain’ method, and more recently the hackers have employed a complicated system of coin swaps and mixing.

Related: LCX loses $6.8M in a hot wallet compromise over Ethereum blockchain

Mixers were used on over 65% of the funds stolen in 2021, which is a 3-fold increase since 2019. A mixer is a software-based privacy system that allows users to hide the source and destination of the coins they send. Decentralized exchanges (DEX) are increasingly preferred by hackers since they are permissionless and have ample liquidity for coins to be swapped at the user’s will.

Chainalysis used the Aug. 19, 2021 hack at Liquid.com in which $91 million in crypto was stolen as an example of the typical way in which DPRK hackers launder funds. They first swapped ERC-20 coins for Ether (ETH) at decentralized exchanges. Then the ETH was sent to a mixer and swapped for Bitcoin (BTC), which was also mixed. Finally, BTC was sent from the mixer to centralized Asian exchanges as a likely fiat off-ramp.

Tags
Related Posts
Crypto.com finally speaks out: 483 user accounts compromised
The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting "suspicious activities" in user accounts. In a statement today, Crypto.com revealed that "4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other currencies" had been taken from clients' accounts without their permission. The overall loss is presently valued at around $33.8 million, as per the current market value. Following a security breach, several Crypto.com users have made complaints that their money had been stolen. However, the company's previous responses had failed to quell concerns. Following the 17th of …
Bitcoin / Jan. 20, 2022
PennyWise crypto-stealing malware spreads through YouTube
A new strain of crypto-malware is being spread via YouTube, tricking users to download software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions. Cyber intelligence company Cyble in a June 30 blog post said it had been tracking the malware known as PennyWise — likely named after the monster in Stephen King’s horror novel It — since it was first identified in May. “Our investigation indicates that the stealer is an emerging threat,” wrote Cyble in a blog post on June 30: “In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications …
Bitcoin / July 6, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Here's how to quickly spot a deepfake crypto scam — cybersecurity execs
Crypto investors have been urged to keep their eyes peeled for "deepfake" crypto scams to come, with the digital-doppelganger technology continuing to advance, making it harder for viewers to separate fact from fiction. David Schwed, the COO of blockchain security firm Halborn told Cointelegraph that the crypto industry is more “susceptible” to deepfakes than ever because “time is of the essence in making decisions” which results in less time to verify the veracity of a video. Deepfakes use deep learning artificial intelligence (AI) to create highly realistic digital content by manipulating and altering original media, such as swapping faces in …
Blockchain / Jan. 13, 2023
North Korea stole more crypto in 2022 than any other year: UN report
A confidential United Nations report has revealed North Korean hackers stole more crypto assets in 2022 than in any other year so far. The UN report, seen by Reuters, was reportedly submitted to a 15-member North Korea sanctions committee last week. It found North Korean-linked hackers were responsible for between $630 million and more than $1 billion in stolen crypto assets last year and targeted networks of foreign aerospace and defense companies. The UN report also noted that cyber attacks were more sophisticated than in previous years, making tracing stolen funds more difficult than ever. "[North Korea] used increasingly sophisticated …
Blockchain / Feb. 7, 2023