North Korean Hackers Siphon Cryptocurrencies Worth $400m in 2021

A report by Chainalysis, a blockchain analysis firm has revealed that North Korea launched at least seven attacks on cryptocurrency platforms extracting nearly $400 million worth of digital assets last year.

The targets of the hacks were not identified, but the report noted that the victims were basic investment firms and centralized exchanges, including Liquid.com. The exchange company had announced in August that an unauthorized user had accessed some of the cryptocurrency wallets it managed.

The hackers were said to have used phishing lures, code exploits, malware, and advanced social engineering to steal organizations’ internet-connected ‘hot’ wallets funds. The funds were traced to North Korea-controlled addresses.

Last year, the US charged three North Korean computer programmers – working for the Asian country’s intelligence service, the Reconnaissance General Bureau, – accusing them of years-long hacking spree, aimed at stealing more than $1.3 billion in money and cryptocurrency, from companies, banks and Hollywood movie studios.

Chainalysis explained that the hacking group, the Lazarus Group likely carried out the majority of last year’s cyberattacks. According to the United States, the group is controlled by the North Korean intelligence.

The Lazarus Group had faced accusations of being involved in attacks on International banks and customer accounts, including an earlier 2014 cyber attack on Sony Pictures Entertainment using the “WannaCry” ransomware.

The report added that 2021 was one of the most successful years on record for crypto hackers and cyber attackers.

It should be recalled that Investors King reported that CheckPoint Solutions Technology said Africa has about 1,600 cyber attacks in the year under review, while North America records about 497 attacks weekly. Weekly attacks globally amount to a total of 5,193 as Asia records 1,299 attacks, Latin America (1,117), and Europe with 665 attacks

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%. Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the Chainalysis report noted.

Some of the hackers are still said to be sitting on the stolen funds, not spending them, in hopes that they could outwit law enforcement’s interest before cashing out.

However, According to United Nations experts monitoring sanctions on North Korea, the country has used stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions. The Asian country also appeared to step up efforts to launder stolen cryptocurrency, by significantly increasing its use of mixers, or software tools that pool and scramble cryptocurrencies from thousands of addresses, Chainalysis said.

Researchers had also identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning from 2017 to 2021, the report added.

North Korea has still not responded to media inquiries, but has previously released statements denying allegations of hacking. Without any official word for the cyber attacks traced to the country, “Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded.