North Korean Hackers Escalate Crypto Heists, Funds Stolen Double To $1.6B
The cryptocurrency industry has seen a significant increase in North Korean state-sponsored hackers intensifying their efforts to pilfer digital assets over the past year.
These sophisticated cyberattacks have resulted in billions of dollars in losses, raising serious questions about the security of digital assets and the far-reaching implications for the global financial system.
According to blockchain analysis firm Chainalysis, funds stolen in “crypto heists” increased year-over-year (YoY), nearly doubling from $857 million to $1.58 billion as of the end of July.
North Korea’s hacking groups have been identified as major players in this surge of cybercrime.
The UN Security Council’s panel of experts on North Korea reported in September 2023 that North Korean hackers had stolen an estimated $3 billion in cryptocurrencies since 2017.
More alarmingly, the panel stated that these cyberattacks have become “more sophisticated” and are a “significant source of revenue” for North Korea’s weapons of mass destruction programs.
Targeting Centralized Exchanges
“Crypto thieves seem to be returning to their roots and targeting centralized exchanges again after four years focused on their decentralized counterparts,” Chainalysis reports.
This change in strategy has led to $305 million stolen from DMM and $55 million from BTCTurk in 2024.
In March 2023, Euler Finance, a decentralized finance (DeFi) platform, fell victim to a $197 million hack.
While not definitively linked to North Korea, the attack’s sophistication and scale were reminiscent of previous North Korean operations, according to cybersecurity experts.
Infiltration Tactics
The United Nations has raised alarms about the infiltration tactics employed by North Korean hackers.
In a recent report, the UN stated that “Western tech industry firms have hired more than 4,000 North Koreans,” many of whom are believed to be using these positions to gather intelligence and potentially access sensitive systems.
This tactic was further highlighted in a joint advisory issued by the FBI, CISA, and the U.S. Treasury Department in May 2023.
The advisory warned that North Korean IT workers were using stolen identities to apply for remote work positions, potentially gaining insider access to cryptocurrency companies and financial institutions.
Also Read: AI-Linked US Semiconductor Stocks Brace For Red Wednesday As Analyst Downgrades Dutch Chipmaker ASML
The Lazarus Group
At the forefront of these attacks is the infamous Lazarus Group, a hacking collective widely believed to be controlled by North Korea’s primary intelligence agency, the Reconnaissance General Bureau.
In April 2022, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning about new malware variants associated with the Lazarus Group, specifically targeting the cryptocurrency and blockchain industries.
The group’s most notorious heist remains the 2022 Ronin Network hack, where they stole approximately $620 million in cryptocurrency.
In July 2022, the U.S. Justice Department announced the seizure of $500,000 in ransom payments made to North Korean hackers, demonstrating the ongoing cat-and-mouse game between cybercriminals and law enforcement.
Global Response
In response to the growing threat, the U.S. Treasury Department has imposed sanctions on several North Korean hacking groups.
In March 2020, the department sanctioned two Chinese nationals for their alleged role in laundering stolen cryptocurrency for North Korean hackers.
The cryptocurrency industry has also been ramping up its defenses.
Major exchanges like Binance and Coinbase Inc. (NASDAQ:COIN) have reported significant investments in cybersecurity measures.
In May 2023, Binance announced the recovery of $4.4 million worth of crypto assets stolen by North Korean hackers, showcasing the industry’s improving ability to track and recover stolen funds.
The ongoing threat posed by North Korean hackers will undoubtedly be a central topic at Benzinga’s upcoming Future of Digital Assets event on Nov. 19.
Industry leaders, cybersecurity experts, and policymakers are expected to discuss strategies for enhancing the resilience of crypto exchanges and protecting users from state-sponsored attacks.
Read Next: