A Chainalysis report found that North Korean cybercriminals stole nearly $400 million worth of digital assets in 2021 across at least seven attacks.
The report highlights that investment firms and centralized exchanges were the primary targets. Cybercriminals utilized various techniques such as phishing, code exploits, malware, and social engineering to siphon funds from these organizations’ internet-connected ‘hot’ wallets into addresses controlled by North Korea.
Hot wallets, which are vulnerable to hacking due to their internet connectivity, are not recommended for cryptocurrency storage.
Chainalysis suggests that many of the attacks in 2021 were carried out by the Lazarus Group, a hacking entity linked to North Korea’s primary intelligence bureau, the Reconnaissance General Bureau. This group has a history of involvement in notorious cyber incidents, including the “WannaCry” ransomware attacks and the 2014 Sony Pictures cyber attacks.
Once the funds were secured, Chainalysis reports that the criminals engaged in a “laundering cover up and cash out” operation. The number of North Korean-linked hacks rose from four in 2020 to seven in 2021, and the total value extracted increased by 40%.
Remarkably, for the first time, Ether constituted the majority of the stolen assets, accounting for 58%. The report further notes that only 20% of the stolen funds were in Bitcoin, with 22% represented by ERC-20 tokens or other altcoins. This diversification in stolen cryptocurrencies suggests that North Korea’s laundering operations have grown increasingly sophisticated.