While 2021 saw a reported increase of 187.5% in the use of cryptocurrency, North Korea (DPRK) was supposedly at the receiving end of seven cryptocurrency-based attacks worth $400 million. As per reports, those attacks targeted investment firms and centralised exchanges, using practices such as phishing lures, malware and advanced social engineering to extract funds out of DPRK-controlled addresses.
Many security researchers suggested that those advanced persistent threats (APTs) were launched by DPRK’s primary intelligence agency, called the Lazarus Group, with the group stealing and laundering virtual currencies worth around $200 million. According to the United Nations Security Council, the funds were used to support North Korea’s weapons of mass destruction and ballistic missile programs.
In terms of dollar value, Bitcoin was valued at less than one-fourth of those DPRK-based cryptocurrency scandals. Those stolen digital funds accounted for about 20% of Bitcoins, 22% of altcoins, and 58% of Ether. The rising complexity of fraudulent cryptocurrencies included altcoins being swapped for Ether via decentralised exchanges (DEXs), mixed Ether, mixed Bitcoin, mixed Ether being swapped for Bitcoin via DEXs, etc.
According to reports, the North Korean hackers took a very cautious approach in 2021, as 65% of DPRK’s stolen funds were laundered through mixers this year, compared to 42% in 2020 and 21% in 2019. The Chainalysis 2022 report identified $170 million as stolen funds, which further represented 49 separate hacks between 2017 and 2021. Of DPRK’s total cryptocurrency funds, roughly $35 million came from attacks in 2020 and 2021, and more than $55 million came from attacks in 2016. The data further suggested a nation supporting cryptocurrency-oriented crimes, with North Korea’s government cementing itself as a threat to the cryptocurrency industry.
(With inputs from the Chainalysis 2022 report)