Hackers linked to North Korea have stolen over $200 million in cryptocurrency so far in 2023, accounting for 20% of all stolen crypto this year, according to a report by blockchain intelligence firm TRM Labs.
The theft is part of over $2 billion looted by cybercriminals in the last five years, across 30 different attacks on crypto projects. The majority of these exploits have focused on decentralized finance (DeFi), particularly targeting cross-chain bridges.
Last year was the most successful year for hackers, with over $800 million in cryptocurrency stolen. Three major attacks targeted DeFi protocols, including a $625 million theft from the Ronin Bridge in March. North Korean hackers have been using various techniques to launder stolen funds, such as chain hopping and mixers, and have been quickly cashing out through exchanges with lower KYC/AML controls.
In June this year, hackers focused on Atomic Wallet users and stole around $100 million worth of various cryptocurrencies, including Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin. According to TRM Labs, the criminals transferred the stolen Ethereum to different addresses they controlled using wrapped Ether (WETH) that they had stolen. They then exchanged the WETH for wrapped Bitcoin (WBTC) and later converted it to Bitcoin, which they sent to mixing services to hide the source of the coins.
Hackers' techniques and the importance of robust cybersecurity
North Korean hackers have improved their on-chain laundering methodologies over time, shifting from direct use of cryptocurrency exchanges to highly complex, multi-stage money laundering processes. This evolution is in response to more aggressive OFAC sanctions, law enforcement focus, and improved tracing capabilities. Chain-hopping, a form of money laundering where one type of crypto asset is converted to another and moved across multiple chains, has been a prominent technique hackers use to cover their tracks, according to the report by TRM Labs.
TRM Labs emphasizes the importance of robust cybersecurity measures, such as hardware security modules for cryptographic key management, whitelisting addresses to limit funds transfer to trusted recipients, and secure offline storage for keys and passphrases. The firm also highlights the individual responsibility of safeguarding assets in the DeFi community.
The report’s findings underscore the growing threat of cybercrime within the cryptocurrency space, particularly in the DeFi sector. The significant amounts stolen and the techniques used by hackers illustrate the urgent need for enhanced security measures and regulatory oversight.
The focus on DeFi protocols and the evolution of laundering techniques reflect the adaptability of cybercriminals in response to regulatory measures and technological advancements.