Hackers Linked to North Korea Stole Over $600 Million in Crypto in 2023, Report Reveals
A recent report by TRM Labs has uncovered that hackers connected to North Korea carried out significant cryptocurrency thefts in 2023, accumulating at least $600 million. If additional hacks in the final days of the year are confirmed to be the work of North Korea, the total stolen amount could reach around $700 million.
Despite a 30% decrease in theft compared to the previous year, the Democratic People’s Republic of Korea (DPRK) was responsible for almost one-third of all funds stolen in crypto attacks in 2023.
The TRM Labs report also delves into the methods and impact of North Korean cyberattacks on the cryptocurrency ecosystem.
North Korea’s Crypto Hacks Ten Times More Damaging Than Others
According to the TRM Labs report, hacks attributed to the DPRK were found to be ten times more damaging than those not linked to North Korea. Since 2017, over $3 billion worth of cryptocurrency has been lost to Pyongyang-linked threat actors.
The hackers primarily exploit vulnerabilities in digital wallet security, compromising private keys and seed phrases that are essential for protecting digital assets.
The stolen funds are then transferred to wallet addresses controlled by North Korean operatives, often converted into Tether’s USDT or Tron, and ultimately converted into hard currency through high-volume over-the-counter brokers.
North Korea constantly evolves its money laundering methods to evade international law enforcement pressure. After previous platforms used for obfuscation were targeted by US sanctions and enforcement actions, North Korea shifted to another mixer called Sinbad. However, Sinbad was also sanctioned in November 2023, prompting North Korea to explore alternative laundering tools.
North Korea’s Cyber-Theft Spree
With approximately $1.5 billion stolen in the past two years alone, North Korea’s hacking capabilities require continuous vigilance and innovation from businesses and governments. TRM Labs predicts that 2024 will witness further disruption from this highly prolific cyber-thief.
In response, sanctions have been imposed on eight foreign-based agents of North Korea (DPRK) and the cyber espionage group Kimsuky by the US Treasury’s Office of Foreign Assets Control (OFAC) and counterparts in Australia, Japan, and the Republic of Korea. These actions were taken following the DPRK’s military reconnaissance satellite launch on November 1, 2023.
The report highlights the activities of Kimsuky, a cyber espionage group associated with the Reconnaissance General Bureau (RGB). Kimsuky focuses on collecting intelligence related to foreign policy, national security issues concerning the Korean peninsula, nuclear policy, and sanctions.
Despite global efforts to enhance cybersecurity measures and counter these attacks, North Korea’s persistent and evolving tactics continue to pose challenges. The response of governments to mitigate these cyber crimes and reduce losses in the crypto industry remains uncertain.
Hot Take: North Korea’s Ongoing Threat to Crypto Security
The TRM Labs report sheds light on the significant impact of North Korean hackers on the cryptocurrency ecosystem. With their sophisticated methods and constant adaptation to evade law enforcement pressure, these hackers have managed to steal billions of dollars worth of crypto assets.
The international community must remain vigilant and continue to enhance cybersecurity measures to counter these threats. Additionally, governments should collaborate closely to enforce sanctions against North Korean threat actors and disrupt their illicit activities.
As we enter 2024, it is crucial to closely monitor North Korea’s cyber activities and observe what further actions will be taken to safeguard the crypto industry from their ongoing attacks.