North Korean Hackers Stole $400M in Cryptocurrency in 2021: Report

A United Nations panel that monitors sanctions against North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions

Reuters

January 15, 2022, 12:50 p.m.

Last modified: January 15, 2022, 1:01 PM

An illustrative image shows binary code projected onto a man holding a laptop computer, in an office in Warsaw, June 24, 2013. PHOTO: REUTERS/Kacper Pempel/Illustration


North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million in digital assets last year, one of its most successful years on record, blockchain analytics firm Chainalysis said in a new report.

“From 2020 to 2021, the number of North Korea-related hacks increased from four to seven, and the value extracted from those hacks increased by 40 percent,” the report, released on Thursday, said.

“Once North Korea obtained custody of the funds, it began a thorough laundering process to conceal and cash out,” the report added.

A United Nations panel that monitors sanctions against North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.

North Korea is not responding to media inquiries, but has previously issued statements denying the hacking allegations.

Last year, the United States accused three North Korean computer programmers working for the country’s intelligence service of a massive, years-long hacking spree aimed at stealing more than $1.3 billion in cash and cryptocurrency, affecting businesses ranging from banks to Hollywood movie studios.

Chainalysis did not identify all of the targets of the hacks, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to some of the cryptocurrency wallets it managed.

Attackers used phishing lures, code exploits, malware and advanced social engineering to siphon funds from these organizations’ internet-connected “hot” wallets to addresses controlled by North Korea, according to the report.

Most of the attacks over the past year were likely carried out by the Lazarus Group, a US-sanctioned hacking group that claims to be controlled by the Reconnaissance General Bureau, North Korea’s main intelligence office.

The group has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyberattacks on Sony Pictures Entertainment.

North Korea also appeared to be stepping up its efforts to launder stolen cryptocurrency, dramatically increasing its use of mixers, or software tools that aggregate and scramble cryptocurrencies from thousands of addresses, Chainalysis said.

The report says researchers identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning the period 2017-2021.

The report says it is unclear why the hackers are still sitting on those funds, but said they could be hoping to outwit law enforcement before cashing out.

“Whatever the reason, the length of time (North Korea) is willing to hold on to these funds is illuminating, as it suggests a prudent, not desperate, hasty plan,” Chainalysis concluded.
