North Korean hackers are said to have stolen nearly $400 million in cryptocurrency last year, making it one of the most lucrative years to date for cybercriminals in the severely isolated country, according to a new report.
Hackers launched at least seven different attacks last year, primarily targeting investment firms and centralized exchanges with a variety of tactics, including phishing, malware and social engineering, according to the report from Chainalysis, a firm that tracks cryptocurrency. The cybercriminals worked to gain access to organizations’ “hot” wallets — digital wallets that are connected to the internet — and then move funds into DPRK-controlled accounts.
The thefts are the latest indication that the heavily sanctioned country continues to rely on a network of hackers to help fund its domestic programs. A confidential United Nations report previously accused the regime of North Korea’s leader, Kim Jong Un, of conducting “operations against financial institutions and virtual currency exchange houses” to pay for weapons and keep North Korea’s economy afloat.
Last February, the US Justice Department charged three North Koreans for conspiring to steal more than $1.3 billion from banks and companies around the world and orchestrating digital heists of cryptocurrency.
“North Korea is, in most respects, cut off from the global financial system by a long sanctions campaign by the US and foreign partners,” said Nick Carlsen, analyst at blockchain intelligence firm TRM Labs. “As a result they have taken to the digital battlefield to steal crypto in, essentially, [a] bank robbery at the speed of the internet, to fund weapons programs, nuclear proliferation and other destabilizing activities.”
The North Korean hacking efforts have benefited from the surging value of cryptocurrencies. The rise in cryptocurrency prices and usage has generally made digital assets increasingly attractive to malicious actors, leading to more blockbuster crypto heists in 2021.
According to Chainalysis, most of last year’s thefts were carried out by the Lazarus Group, a hacking group with links to North Korea that has previously been linked to the hack on Sony Pictures, among other incidents. The group has been hit with US sanctions.
There is little the United States or other countries can practically do to combat the North Korean crypto hacking activities, other than sanctions and defensive cybersecurity measures, as criminals face no real chance of extradition.
As the cryptocurrency market grows more popular, “we are likely to see continued interest by North Korea to target crypto businesses that are young and building out cyber defenses and anti-money laundering controls,” said Carlsen.
By Jennifer Korn, CNN Business