BlocksInform
North Korean hackers stole close to $400 million in cryptocurrency from at least seven cyber attacks on exchange platforms last year.
"between 2020 and 2021, the number of north korean hacks has been reduced from four to seven, and the value extracted from these hacks increased by 40%," according to a recent chainalysis-based analytics blockchain firm. "Once North Korea secured custody of the funds, they began a thorough laundering process to hedge and cash."
While Chainalysis neglected to identify all the hacks targets, the report detailed that they had been mainly investment firms and centralized trades. One of the exchanges, liquid.com, reported unauthorized access to several portfolios it managed last August.
According to the report, hackers used a variety of skills to extract funds from the portfolios of these organizations to North Korean-controlled addresses. This included phishing decoys, code exploits, malware, and advanced social engineering techniques. Furthermore, the report stated that North Korea had significantly increased the use of "blenders" to launder stolen cryptocurrency.
lazarus group
It seems likely that many of these cyberattacks have been carried out by the lazarus group, which, according to the united states, is monitored by the general reconnaissance bureau, the main north korean intelligence bureau. The group has already been accused of being involved in "wanna cry" ransomware attacks and cyberattacks perpetrated against Sony Pictures in 2014.
Last year, the United States charged three North Korean programmers with a massive series of hacking for years, hoping to steal $1.3 billion in cash and crypto. meanwhile, south korean media outlets reported late last year that north korea had hacked 2 trillion won ($1.7 billion) worth of cryptocurrencies from exchanges. The reports also noted that the hackers seemed to be holding the assets, rather than selling them immediately in cash.
For its part, the chainalysis report identified $170 million in non-optimized cryptocurrency holdings from 49 separate hacking events between 2017 and 2021. Although uncertain of their ultimate motives, the report stated that it was deliberately premeditated by the pirates. "no matter what the reason.", how long north korea is willing to keep these funds is telling, because he suggests a prudent plan, not desperate or hasty," concludes chainalysis.
