North Korean Cybercriminals Stole Nearly $400 Million Worth of Digital Assets in 2021

Earlier this month, we reported that new data from blockchain analytics firm Chainalysis revealed that scammers stole a whopping $14 billion in cryptocurrency in 2021 partially because of the growth of the decentralized finance (DeFi) platform. Now, Chainalysis is back with another report this time outlining how many cryptocurrencies North Korean hackers managed to steal last year.

“North Korean cybercriminals had a banner year in 2021, launching at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year. These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected “hot” wallets into DPRK-controlled addresses,” states the report.

The analytics firm also noted that for the first time in its history of tracking North Korean cryptocurrency thefts, Bitcoin was not the area where the majority of hacks had occurred. In 2021, the cryptocurrency accounted for only around 20% of the stolen funds whereas 58% came from ether thefts, the Ethereum network’s currency unit. 

Indeed, Ethereum-based cryptocurrencies saw a whopping total of $272 million in thefts in 2021 compared to a mere $161 million in 2020. This could be because these platforms are newer and therefore less secure. They have vulnerabilities that have yet to be identified and fixed and are therefore a better target for hackers looking to profit quickly.

Chainalysis further noted that the hacks were all carried out by APT 38, also known as the “Lazarus Group.” This group is led by the Democratic People’s Republic of Korea’s primary intelligence agency, the U.S. and UN-sanctioned Reconnaissance General Bureau. It is currently believed that since 2018 the group has stolen and laundered in excess of $200 million in virtual currencies every year.