In a recent report by TRM Labs, it has been revealed that hackers linked to North Korea conducted significant crypto thefts in 2023, amassing at least $600 million. If additional hacks in the final days of the year are confirmed to be the work of North Korea, the total stolen amount could reach around $700 million.
Despite a 30% reduction in theft compared to the previous year, the Democratic People’s Republic of Korea (DPRK) was responsible for nearly one-third of all funds stolen in crypto attacks in 2023.
The report further uncovers the methods and impact of North Korean cyberattacks on the cryptocurrency ecosystem.
North Korea’s Crypto Hacks 10x More Damaging Than Others
According to the TRM Labs report, hacks attributed to the DPRK were found to be ten times as damaging as those not linked to North Korea. Over $3 billion worth of cryptocurrency has been lost to Pyongyang-linked threat actors since 2017.
Per the report, the hackers primarily exploit vulnerabilities in digital wallet security, compromising private keys and seed phrases, which are crucial for safeguarding digital assets.
The stolen funds are then transferred to wallet addresses under the control of North Korean operatives, often converted into Tehter’s USDT or Tron, and ultimately converted into hard currency through high-volume over-the-counter brokers.
TRM Labs further notes that North Korea constantly evolves its money laundering methods to evade international law enforcement pressure.
As previous platforms used for obfuscation, such as Tornado Cash and ChipMixer, became targets of US sanctions and enforcement actions, North Korea shifted to another mixer called Sinbad.
However, after Sinbad was also sanctioned by the Office of Foreign Assets Control (OFAC) in November 2023, North Korea continued exploring alternative laundering tools.
North Korea’s Cyber-Theft Spree
With approximately $1.5 billion stolen in the past two years alone, North Korea’s hacking capabilities demand continuous vigilance and innovation from businesses and governments.
Despite advancements in cybersecurity measures by cryptocurrency exchanges and increased international collaboration to track and recover stolen funds, it is expected that 2024 will witness further disruption from this highly prolific cyber-thief, according to TRM Labs.
As a result, sanctions have been imposed on eight foreign-based agents of North Korea (DPRK) and the cyber espionage group Kimsuky.
These actions were taken by the US Treasury’s Office of Foreign Assets Control (OFAC), along with counterparts in Australia, Japan, and the Republic of Korea, in response to the DPRK’s military reconnaissance satellite launch on November 1, 2023.
The report highlights the activities of Kimsuky, a cyber espionage group operating since 2012 and associated with the Reconnaissance General Bureau (RGB), which the United Nations and the United States designate.
Kimsuky focuses its intelligence collection efforts on foreign policy, national security issues related to the Korean peninsula, nuclear policy, and sanctions.
The group primarily employs spear-phishing techniques to target individuals employed by government organizations, research centers, think tanks, academic institutions, and news media organizations across Europe, Japan, Russia, South Korea, and the United States.
Despite global efforts to enhance cybersecurity measures and counter these attacks, North Korea’s persistent and evolving tactics continue to pose challenges.
The response of governments to mitigate these cyber crimes and reduce losses in the crypto industry remains uncertain. Observing what additional actions will be taken in this regard is crucial.
Featured image from Shutterstock, chart from TradingView.com
