North Korean crypto hacks down 80% but that could change overnight: Chainalysis

Cryp­tocur­ren­cy stolen by North Korea-linked hack­ers is down a whop­ping 80% from 2022 — but a blockchain foren­sics firm says it isn’t nec­es­sar­i­ly a sign of progress.

As of Sept. 14, 2023, North Korea-linked hack­ers have stolen a total of $340.4 mil­lion worth of cryp­tocur­ren­cy, down from a record $1.65 bil­lion report­ed funds stolen in 2022. 

“The fact that this year’s num­bers are down is not nec­es­sar­i­ly an indi­ca­tor of improved secu­ri­ty or reduced crim­i­nal activ­i­ty,” Chainal­y­sis said in a Sept. 14 report. “We must remem­ber that 2022 set a dis­mal­ly high benchmark.”

“In real­i­ty, we are only one large hack away from cross­ing the bil­lion-dol­lar thresh­old of stolen funds for 2023.”

Over the past 10 days, North Korea’s Lazarus Group has been linked to two sep­a­rate hacks — Stake ($40 mil­lion) on Sept. 4 and CoinEx ($55 mil­lion) on Sept. 12, com­bin­ing for a loss of over $95 million.

With the lat­est two hacks, North Korea-linked attacks have made up for about 30% of all cryp­to funds stolen in hacks this year, not­ed Chainalysis. 

North Korea turns to dubious exchanges, mixers

Mean­while, Chainal­y­sis has found that North Kore­an hack­ers have become increas­ing­ly reliant on cer­tain Russ­ian-based exchanges to laun­der illic­it funds over the last few years. 

The firm said North Korea has been using var­i­ous Russ­ian-based exchanges since 2021. One of the largest laun­der­ing events involved $21.9 mil­lion in funds trans­ferred from Harmony’s $100 mil­lion bridge hack on June 24, 2022.

Unit­ed States-sanc­tioned cryp­tocur­ren­cy mix­ers Tor­na­do Cash and Blender have also been used by Lazarus Group in the Har­mo­ny Bridge hack and oth­er high-pro­file hacks com­mit­ted by the group.

We’ve observed instances of DPRK-linked hack­ers send­ing funds to Russ­ian ser­vices since 2021. But this year’s trans­fer of $21.9M stolen from Har­mo­ny to a high-risk Russ­ian exchange is an esca­la­tion of that activ­i­ty. You can see exam­ples of some of those trans­ac­tions below. pic.twitter.com/S9cDxlk9Hu

— Chainal­y­sis (@chainalysis) Sep­tem­ber 14, 2023

Relat­ed: FBI flags 6 Bit­coin wal­lets linked to North Korea, urges vig­i­lance in cryp­to firms 

The Unit­ed Nations is mak­ing an effort to cur­tail North Korea’s cyber­crime tac­tics at the inter­na­tion­al lev­el — as it is under­stood North Korea is using the stolen funds to sup­port its nuclear mis­sile program.

Mean­while, the firm hopes increased smart con­tract audits will make life tougher for these hackers.

Mag­a­zine: Deposit risk: What do cryp­to exchanges real­ly do with your money?