With $340.4 million taken as of September 14, the year 2023 has seen a substantial 80% decrease in cryptocurrency theft at the hands of North Korea-affiliated hackers compared to the previous year. Cybersecurity experts warn against complacency despite this apparent drop and stress that the environment is still dangerous.
At first glance, the decline in cryptocurrency theft by North Korean criminals may look like a positive development. However, a report by blockchain forensics company Chainalysis emphasizes the importance of remaining vigilant. The staggering $1.65 billion reported stolen in 2022 set an uncomfortably high bar.
Chainalysis cautions against interpreting the decline in theft as a sign of increased security or a decline in criminal activity. It notes that one sizable hack could quickly push the total amount stolen in 2023 above the $1 billion mark. As a result, security in the crypto space remains very much an open issue.
Lazarus Group Strikes Again
Over the past ten days, the notorious North Korean Lazarus Group has been implicated in two separate cryptocurrency hacks. On September 4th, they targeted Stake, resulting in a loss of $41 million. Shortly thereafter, on September 12th, CoinEx was breached, with $55 million siphoned off. The combination of these two attacks alone has already accounted for over $95 million in losses.
It’s concerning that North Korea-linked hacks have contributed to approximately 30% of all cryptocurrency funds stolen in hacks this year. Erin Plante, Chainalysis’ Vice President of Investigations, highlights the gravity of the situation, especially in light of the national security threat posed by North Korea:
"Lazarus continues to be prolific crypto thieves, which is made even more troublesome by the national security threat that DPRK poses."
To fortify defenses against these ongoing attacks, cryptocurrency firms must equip their employees to counter the sophisticated social engineering tactics commonly employed by hacker groups like Lazarus. Plante underscores the need for training to identify risks and warning signs associated with these tactics.
North Korean Hackers’ Reliance on Dubious Sources
Chainalysis has identified a concerning trend: over the past few years, North Korean hackers have increasingly relied on specific Russia-based cryptocurrency exchanges to launder illicitly obtained funds. Since 2021, North Korea has been using various Russian exchanges for this purpose, with one notable case involving the transfer of $21.9 million in funds from Harmony’s $100 million bridge hack in June 2022.
Moreover, Lazarus Group has used United States-sanctioned cryptocurrency mixers, including Tornado Cash and Blender, in high-profile hacks like the Harmony Bridge breach. These findings shed light on North Korea’s use of stolen cryptocurrency to fund its nuclear missile program, which has drawn international concern and action.
As the cryptocurrency landscape continues to evolve, Chainalysis hopes that increased smart contract audits will present a formidable obstacle for hackers, making their activities significantly more challenging. In conclusion, while the reported decline in cryptocurrency theft is a welcome development, the crypto realm remains a lucrative target for threat actors, necessitating ongoing vigilance and innovation in security measures.