

North Korean hackers target crypto, stealing $600 million in 2023



A recent study by TRM Labs reveals that hackers associated with North Korea successfully pilfered a staggering $600 million in cryptocurrency during 2023. 

Further investigations into hacks executed in the closing days of the previous year, if conclusively linked to North Korea, could elevate the total to approximately $700 million.

TRM Labs is a San Francisco-based company providing digital asset compliance and risk management solutions. Their software platform offers on-chain customer due diligence, transaction monitoring, and customer relationship management.

They serve financial institutions, cryptocurrency businesses, and government agencies worldwide. TRM Labs’ tools allow customers to monitor transactions across 29 blockchains, including NFT coverage and DeFi protocols.

With $150.05 million raised from investors like PayPal Ventures and Goldman Sachs, TRM Labs is currently valued at $600 million.

According to TRM Labs, despite a 30% reduction from the $850 million stolen in 2022, the Democratic People’s Republic of Korea (DPRK) accounted for nearly one-third of all funds stolen in crypto attacks last year.

The average damage caused by a DPRK-linked hack was ten times greater than that of hacks unrelated to North Korea. Since 2017, losses attributable to Pyongyang-affiliated threat actors have amounted to almost $3 billion in cryptocurrency.

North Korea primarily employs a strategy of compromising private keys and seed phrases, critical security components of digital wallets, in its cyberattacks. 

The stolen digital assets are then transferred to wallet addresses controlled by North Korean operatives, often exchanged for USDT or Tron, and subsequently converted into hard currency using high-volume over-the-counter (OTC) brokers.

The DPRK’s money laundering techniques constantly adapt to evade international law enforcement pressure. Notably, following US sanctions on Tornado Cash and ChipMixer – previously favored obfuscation platforms – North Korea shifted to another mixer, the BTC service Sinbad. Despite Sinbad facing sanctions in November 2023, North Korea continued exploring alternative laundering tools.

The Lazarus Group is a notorious North Korean cybercrime group. A series of high-profile cyber attacks has been attributed to it, including the spread of the WannaCry ransomware, theft from the Bangladesh Central Bank, and the hacking of the Japanese cryptocurrency exchange Coincheck.

The group is known for its expertise in fund theft, having stolen billions of dollars in cryptocurrency over the years. It has been designated an advanced persistent threat because of its intent, the threat it poses, and the wide array of methods it uses when conducting operations.

The Lazarus Group has been the subject of sanctions by the U.S. Department of the Treasury, and its activities primarily target entities in South Korea and South Korean interests for espionage, disruption, and financial gain.

Having stolen nearly $1.5 billion in the past two years alone, North Korea’s proficiency in hacking underscores the ongoing need for heightened vigilance and innovative security measures by businesses and governments.

Despite advancements in cybersecurity among exchanges and increased international collaboration to track and recover stolen funds, 2024 could still witness further disruptions from one of the world’s most prolific cyber-thieves.
