In a worrying development, hackers affiliated with the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea, looted over $600 million in cryptocurrency during 2023. The figures come from blockchain analytics firm TRM Labs and indicate that North Korean threat actors were responsible for nearly a third of all cryptocurrency funds stolen last year, even though their haul was 30% lower than the colossal $850 million taken in 2022.
While the total figure decreased, the average damage caused by North Korean cyberattacks remained ten times higher than that of attacks not linked to the nation, showcasing the persistent and impactful nature of their operations.
This trend of targeting cryptocurrency companies is not new for North Korea, as state-sponsored actors have managed to pilfer approximately $3 billion since 2017. These financially motivated attacks serve as a crucial revenue source for a nation grappling with sanctions, channeling funds into its weapons of mass destruction (WMD) and ballistic missile programs.
The typical modus operandi of these intrusions involves the use of social engineering tactics to entice targets. The primary aim is to compromise private keys and seed phrases, vital components for securing digital wallets. Once these keys are compromised, hackers gain unauthorized access to victims’ assets, swiftly transferring them to wallets under their control.
To obscure the origins of their ill-gotten gains, DPRK hackers predominantly exchange stolen cryptocurrencies for stablecoins such as USDT or Tron. Subsequently, they convert these stablecoins into hard currency using high-volume over-the-counter (OTC) brokers. Although the U.S. Treasury Department has imposed sanctions on a crypto mixer service called Sinbad, North Korean hackers continue to adapt, exploring alternative money laundering tools.
“With nearly USD 1.5 billion stolen in the past two years alone, North Korea’s hacking prowess demands continuous vigilance and innovation from businesses and governments,” stressed TRM Labs. As signs indicate that additional breaches towards the end of 2023 could increase the total to around $700 million, the global cryptocurrency sector faces an urgent need for heightened cybersecurity measures to effectively counter the persistent threat posed by North Korean cybercriminals.