North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million in digital assets last year, one of its most successful years ever, according to a new analysis.
“From 2020 to 2021, the number of North Korea-related hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” said the report by blockchain experts Chainalysis, which was released on Thursday.
“Once North Korea took custody of the funds, they began a delicate laundering process to cover up and profit from the funds.”
A United Nations panel of experts monitoring North Korea sanctions has accused Pyongyang of using stolen money to support its nuclear and ballistic missile programs as a way to get around the sanctions.
North Korea does not respond to media inquiries but has previously issued statements denying the hacking allegations.
Last year, the United States charged three North Korean computer programmers working for the country’s intelligence service with a massive, years-long series of hacks aimed at stealing more than $1.3 billion in cash and cryptocurrency, affecting businesses from banks to Hollywood movie studios.
Chainalysis did not identify all of the hackers’ targets, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to some of the cryptocurrency wallets it manages.
The report said the attackers used phishing lures, exploit code, malware and advanced social engineering to move money out of the organizations’ Internet-connected “hot” wallets and into addresses controlled by North Korea.
Many of last year’s attacks were likely carried out by Lazarus Group, a hacking group that is subject to sanctions by the United States, which says the group is controlled by the General Reconnaissance Office, North Korea’s main intelligence office.
The group has been accused of being involved in the WannaCry ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.
Chainalysis said North Korea appeared to be ramping up its efforts to launder stolen cryptocurrency, dramatically increasing its use of mixers, software tools that pool and mix cryptocurrencies from thousands of addresses.
The report said researchers identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks stretching from 2017 to 2021.
The report said it was not clear why the hackers were still holding the money, but they might be hoping to outwit law enforcement interest before cashing out.
“Whatever the reason, the length of time [North Korea] is willing to keep this money is useful, because it suggests a careful plan, not a desperate and hasty one.”