North Korean Hackers Stole Nearly $400 Million in Crypto Last Year


Last year, cryptocurrencies like bitcoin and ethereum saw breathtaking growth in value, with bitcoin rising by 60 percent and ethereum by 80 percent in 2021. So perhaps it should come as no surprise that the North Korean hackers who feed on that booming crypto economy had a great year as well.


North Korean hackers stole a total of $395 million worth of crypto coins last year during seven intrusions into cryptocurrency exchanges and investment firms, according to blockchain analysis firm Chainalysis. The nine-figure amount represents an increase of nearly $100 million over the previous year’s thefts by North Korean hacker groups, and it brings their total cryptocurrency thefts to $1.5 billion over the past five years alone, not counting the uncounted hundreds of millions the country has stolen from the traditional financial system. That stockpile of stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un’s totalitarian regime as it seeks to fund itself and its weapons programs despite the country’s heavily sanctioned, isolated and ailing economy.

“They have been very successful,” says Erin Plante, a senior director of investigations at Chainalysis, whose report calls 2021 a “banner year” for North Korean cryptocurrency thefts. The findings suggest that North Korea’s global, serial heists have intensified even amid an attempted law enforcement crackdown. For example, the US Justice Department in February last year indicted three North Koreans in absentia, accusing them of stealing at least $121 million from cryptocurrency businesses, as well as other financial crimes. Charges were also filed against a Canadian man who allegedly helped launder money. But those efforts have not stopped the bleeding of crypto money. “We were excited to see action against North Korea from law enforcement agencies,” Plante says, “yet the threat remains and continues to grow.”


Chainalysis’s numbers, based on exchange rates at the time the money was stolen, do not simply reflect an appreciation in the value of cryptocurrency. The increase in stolen funds also tracks with the number of thefts over the past year: the seven breaches Chainalysis tracked in 2021 are three more than in 2020, though fewer than the 10 successful attacks by North Korean hackers in 2018, when they stole a record $522 million.

For the first time since Chainalysis began tracking North Korean cryptocurrency thefts, bitcoin no longer represents anywhere near most of the country’s take, accounting for about 20 percent of the money stolen. Fully 58 percent of the groups’ cryptocurrency gains came in the form of stolen ether, the currency unit of the Ethereum network. Another 11 percent, about $40 million, came from stolen ERC-20 tokens, a form of crypto asset used to create smart contracts on the Ethereum blockchain.


Chainalysis’s Plante attributes the focus on Ethereum-based cryptocurrencies (a total of $272 million in thefts last year versus $161 million in 2020) to the skyrocketing price of assets in the Ethereum economy, combined with the nascent companies fueling that growth. “Some of these exchanges and trading platforms are newer and potentially more vulnerable to this type of intrusion,” she says. “They are trading heavily in Ether and ERC-20 tokens, and they are just easy targets.”

While Chainalysis declined to identify most of the victims of the hacker thefts it tracked last year, its report blames North Korean hackers for the theft of nearly $97 million in crypto assets from a Japanese exchange in August, including $45 million in Ethereum tokens. (The exchange did not respond to Nerdshala’s request for comment on its August breach.) Chainalysis says it tied all seven 2021 cryptocurrency hacks to North Korea on the basis of malware samples, hacking infrastructure, and following the stolen money into clusters of blockchain addresses it has identified as controlled by North Korean hackers.

Chainalysis says that all the thefts were perpetrated by Lazarus, a loose group of hackers operating largely in the service of the North Korean government. But other hacker-tracking firms have reported that Lazarus consists of several different groups. Security firm Mandiant nonetheless echoes Chainalysis’s findings that stealing cryptocurrency has become a priority for almost all North Korean groups, apart from whatever other missions they may pursue.

Last year, for example, two North Korean groups that Mandiant calls TEMP.Hermit and Kimsuky were both tasked with targeting biomedical and pharmaceutical organizations, most likely to steal information related to COVID-19, says Fred Plan, a senior analyst at Mandiant. Yet both groups continued to target cryptocurrency holders throughout the year. “Financially motivated operations and continuity of operations remain the undercurrent of all these other activities that they had to undertake over the past year,” Plan says.

Even the group Mandiant calls APT38, which has previously focused on more traditional financial intrusions such as the theft of $110 million from Mexican financial firm Bancomext and $81 million from Bangladesh’s central bank, has now turned its sights on cryptocurrency targets. “Almost all North Korean groups that we track have a finger in the cryptocurrency pie in some way or the other,” Plan says.

One reason why hackers have focused on cryptocurrency over other forms of financial crime is no doubt the relative ease of laundering digital cash. For example, after APT38’s Bangladeshi bank heist, the North Koreans enlisted Chinese money launderers to gamble their tens of millions at a casino in Manila to prevent investigators from tracking the stolen money. By contrast, Chainalysis found that the groups have a lot of options when it comes to laundering stolen cryptocurrency. They have cashed out their gains through exchanges, largely those based in Asia, where they trade their cryptocurrency for Chinese renminbi, that have less-than-strict compliance with “know-your-customer” rules. The groups have often used “mixing” services to obscure the origins of funds. And in many cases they have used decentralized exchanges designed to connect cryptocurrency traders directly without intermediaries, often with little in the way of anti-money laundering regulations.

Chainalysis found that the North Koreans have been patient in cashing out their stolen cryptocurrency, often holding the funds for years before starting the laundering process. The hackers, in fact, still seem to be holding on to $170 million in unlaundered cryptocurrency from the thefts of previous years, which they will undoubtedly cash out over time.

According to Mandiant’s Fred Plan, all of those millions will end up in the accounts of a highly militarized rogue nation that has spent years under severe sanctions. “The North Korean regime has discovered that they have no other choice. They have no other real way to engage with the world or the economy. But they have this great cyber capability,” Plan says. “And they’ve been able to take advantage of that to bring money into the country.”

Until the cryptocurrency industry figures out how to protect itself against those hackers — or to prevent their coins from being laundered and converted into clean bills — the Kim regime’s illicit, ethereal revenue stream will only continue to grow.
