North Korean Hackers Responsible for One-Third of Crypto Hacks in 2022
A recent report from TRB Labs revealed that bad actors from the Democratic People’s Republic of Korea (DPRK) were behind approximately one-third of all crypto hacks carried out last year. Despite a 30% decrease in stolen funds compared to the previous year, North Korean hackers, believed to be led by the Lazarus Group, managed to steal $600 million in digital assets. This number could increase by an additional $100 million if last-minute hacks like the Orbit Bridge exploit are attributed to Lazarus and North Korea’s cybercriminal organizations.
Hackers Siphoned $1.5 Billion from Crypto in 24 Months
According to TRB Labs, hackers associated with the DPRK have siphoned approximately $1.5 billion from the crypto industry over a period of 24 months. Since 2017, they have stolen nearly $3 billion. These attacks typically involve social engineering campaigns targeted at employees of crypto start-ups and decentralized protocols.
Lazarus Group’s Tactics and Cash-Out Methods
Once a target is compromised, the Lazarus Group utilizes hijacked private keys and seed phrases, essential components of cryptocurrency storage, to initiate unauthorized blockchain transactions. The stolen funds are often dispersed across multiple wallets, with a portion eventually being deposited into crypto mixers like Tornado Cash or Sinbad.
North Korean hackers cash out their stolen assets through over-the-counter (OTC) desks by exchanging tokens such as Tether’s USDT for fiat currencies. Tether has reportedly increased its efforts to combat money laundering and is collaborating with the U.S. Treasury in this regard.
Sanctions on Cryptocurrency Protocols
The Office of Foreign Assets Control (OFAC) has imposed sanctions on protocols like Tornado Cash, Sinbad, and Blender.io that allow users to obfuscate transactions. These measures are part of a broader “whole of government” approach aimed at targeting Lazarus and its operations, which authorities suspect contribute funds to North Korea’s nuclear program.
The Financial Crimes Enforcement Network has labeled crypto mixers as a national security threat, leading the U.S. to engage with other governments around the world to address this issue.
Trilateral Initiative Against Cryptocurrency Money Laundering
In an effort to combat cryptocurrency money laundering by Lazarus and other DPRK-backed actors, authorities from the U.S., South Korea, and Japan have announced a trilateral initiative. This collaborative effort aims to tackle the illicit financial activities associated with North Korean hackers.
Hot Take: North Korean Hackers Remain a Significant Threat in the Crypto Space
The report from TRB Labs highlights the ongoing threat posed by North Korean hackers in the crypto industry. Despite a decrease in stolen funds compared to the previous year, their activities continue to target and exploit vulnerabilities within the ecosystem. It is crucial for individuals and organizations involved in the crypto space to remain vigilant and implement robust security measures to protect against these persistent threats. Collaboration between governments and industry stakeholders is essential to effectively combat North Korean cybercriminal organizations and safeguard the integrity of the crypto market.