
North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the past six years, since January 2017.
Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups have been behind attacks akin to those of typical cybercriminal gangs, albeit on a much larger scale, given that their operations were behind 44% of all cryptocurrency stolen last year, according to a report by Recorded Future’s Insikt Group.
While cryptocurrency exchanges are at the top of their target list, they’ve also been linked to attacks against individual users and venture capital firms.
Cryptocurrency theft is one of the Pyongyang regime’s main income streams, notably earmarked for financing military and weapons development programs (although there is no data on how much funding is set aside for ballistic missile launches, both the amount of stolen cryptocurrency and the number of missile launches have surged simultaneously over the last several years).
“Since 2017, North Korea has significantly increased its focus on the cryptocurrency industry, stealing an estimated $3 billion worth of cryptocurrency,” Recorded Future analysts said.
“Initially successful in stealing from financial institutions through the hijacking of the SWIFT network, North Korea shifted its attention to cryptocurrency during the 2017 bubble, starting with the South Korean market and later expanding globally.
“In 2022 alone, North Korean threat actors were accused of stealing $1.7 billion in cryptocurrency, equivalent to 5% of the country’s economy or 45% of its military budget.”

As recently outlined in a confidential United Nations report, North Korean state hackers have been behind unprecedented levels of cryptocurrency theft, stealing between $630 million and more than $1 billion in 2022 alone, effectively doubling Pyongyang’s illicit income from cyber theft compared to the previous year.
Their cryptocurrency attacks started surging after the 2017 hacks of South Korean exchanges Bithumb, Youbit, and Yapizon, when they stole crypto assets worth roughly $82.7 million.
In the last two years, North Korean Lazarus hackers have been linked to crypto heists against the Harmony blockchain bridge ($100 million in losses), the Nomad bridge ($190 million in losses), the Qubit Finance bridge ($80 million in losses), and the largest crypto hack ever, in which they breached the Ronin Network cross-chain bridge and stole $620 million.
This year alone, they’ve also allegedly stolen $200 million in multiple attacks, including from Atomic Wallet ($35 million), AlphaPo ($60 million in two separate attacks), and CoinsPaid ($37 million).
Recorded Future researchers provide a detailed history of North Korean cryptocurrency targeting in their full report.
This week, the Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on the Kimsuky hacking group for its involvement in gathering intelligence that helped support North Korea’s weapons of mass destruction (WMD) programs.
In September 2019, it levied sanctions on three other North Korean hacking groups (Lazarus, Bluenoroff, and Andariel) for channeling cryptocurrency stolen in cyberattacks back to the country’s government.
The Treasury Department also sanctioned the Sinbad, Tornado Cash, and Blender.io cryptocurrency mixer services used by North Korean hacking groups to launder funds stolen in the Atomic Wallet, Axie Infinity, Nomad, and Horizon hacks.
Additionally, OFAC announced sanctions in May against four North Korean entities engaged in illicit IT worker schemes and cyber attacks meant to generate revenue to fund the Democratic People’s Republic of Korea’s (DPRK) WMD programs.