
The past year has seen a breathtaking climb in the value of cryptocurrencies like Bitcoin and Ethereum, with Bitcoin gaining 60% in value in 2021 and Ethereum rising 80%. It is therefore perhaps unsurprising that the relentless North Korean hackers who feed off this booming crypto economy also had a very good year.
North Korean hackers stole a total of $395 million worth of cryptocurrency last year in seven breaches of cryptocurrency exchanges and investment firms, according to blockchain analytics firm Chainalysis. The nine-figure sum represents an increase of almost $100 million over the previous year’s thefts by North Korean hacker groups, and it brings their total over the past five years to $1.5 billion in cryptocurrency alone, not counting the uncounted hundreds of millions more the country has stolen from the traditional financial system. This hoard of stolen cryptocurrency is now contributing significantly to the coffers of Kim Jong-un’s totalitarian regime as it seeks to fund itself and its weapons programs, despite the country’s heavily sanctioned, isolated and struggling economy.
“They’ve been very successful,” says Erin Plante, Senior Director of Investigations at Chainalysis, whose report calls 2021 a “record year” for North Korean cryptocurrency thefts. The findings show that North Korea’s global, serial robberies have accelerated even amid attempted law enforcement crackdowns; the US Department of Justice, for example, charged three North Koreans in absentia in February last year, accusing them of stealing at least $121 million from cryptocurrency businesses as well as a host of other financial crimes. Charges have also been laid against a Canadian who allegedly helped launder the funds. But these efforts have not stopped the bleeding of crypto wealth. “We were pleased to see action against North Korea from law enforcement,” Plante said, “but the threat persists and is getting worse.”
The numbers from Chainalysis, based on exchange rates at the time the money was stolen, reflect more than just an appreciation in cryptocurrency’s value. The growth in stolen funds also tracks the number of thefts last year; the seven breaches Chainalysis tracked in 2021 are three more than in 2020, albeit fewer than the 10 successful attacks North Korean hackers carried out in 2018, when they stole a record $522 million.
For the first time since Chainalysis began tracking North Korean cryptocurrency thefts, Bitcoin no longer represents the majority of the country’s revenue, accounting for only around 20% of stolen funds. A total of 58% of the groups’ cryptocurrency earnings instead came in the form of stolen ether, the monetary unit of the Ethereum network. Another 11%, or around $40 million, came from stolen ERC-20 tokens, a form of crypto asset used to create smart contracts on the Ethereum blockchain.
Plante from Chainalysis attributes this increased focus on Ethereum-based cryptocurrencies ($272 million in total thefts last year versus $161 million in 2020) to soaring asset prices in the Ethereum economy, combined with the fledgling companies that growth has fostered. “Some of these exchanges and trading platforms are just newer and potentially more vulnerable to these types of intrusions,” she says. “They trade a lot of ether and ERC-20 tokens, and they’re just easier targets.”
While Chainalysis declined to identify most of the victims of the hacker thefts it tracked last year, its report blames North Korean hackers for the theft of about $97 million worth of crypto assets from Japanese exchange Liquid.com in August, including $45 million in Ethereum tokens. (Liquid.com did not respond to WIRED’s request for comment on its August breach.) Chainalysis says it linked all seven 2021 cryptocurrency hacks to North Korea based on malware samples, hacking infrastructure, and tracking the stolen money into clusters of blockchain addresses it has identified as controlled by North Korean hackers.
According to Chainalysis, the thefts were all carried out by Lazarus, a group of hackers widely believed to be working for the North Korean government. But other hacker-tracking companies have pointed out that Lazarus comprises many distinct groups. Security firm Mandiant nonetheless echoes Chainalysis’ findings that cryptocurrency theft has become a priority for virtually every North Korean group it tracks, in addition to any other missions they may pursue.
Last year, for example, two North Korean groups that Mandiant calls TEMP.Hermit and Kimsuky both appeared to be tasked with targeting biomedical and pharmaceutical organizations to potentially steal information related to COVID-19, says Fred Plan, a senior analyst at Mandiant. Yet both groups continued to target cryptocurrency holders throughout the year. “That consistency of financially driven operations and campaigns continues to be the undercurrent of all of this other activity that they’ve had to do over the past year,” Plan says.
Even the group Mandiant calls APT38, which previously focused on more traditional financial intrusions, such as the theft of $110 million from the Mexican financial company Bancomext and $81 million from the Central Bank of Bangladesh, now seems to have set its sights on cryptocurrency targets. “Almost every North Korean group we follow has a finger in the cryptocurrency pie in one way or another,” Plan says.
One of the reasons hackers have focused on cryptocurrency rather than other forms of financial crime is undoubtedly the relative ease of laundering digital money. After APT38’s Bangladeshi bank robbery, for example, the North Koreans had to recruit Chinese money launderers to gamble its tens of millions at a Manila casino to prevent investigators from finding the stolen funds. In contrast, Chainalysis found that the groups have plenty of options to launder their stolen cryptocurrency. They have moved their earnings through exchanges that are less than strict in complying with “know your customer” regulations, largely using those based in Asia and exchanging their cryptocurrency for Chinese renminbi. The groups have often used “mixing” services to disguise the origins of the money. And in many cases, they used decentralized exchanges designed to directly connect cryptocurrency traders without intermediaries, often with few anti-money laundering rules.
Chainalysis has found that the North Koreans have been remarkably patient in cashing out their stolen crypto, often holding the funds for years before beginning the laundering process. In fact, the hackers still appear to be holding $170 million in unlaundered cryptocurrency from previous years’ thefts, which they will no doubt cash out over time.
All those hundreds of millions, according to Mandiant’s Fred Plan, will end up in the accounts of a highly militarized rogue nation that has spent years under severe sanctions. “The North Korean regime has realized that it has no other options. It has no other real way to engage with the world or with the economy. But it has this rather impressive computing capacity,” says Plan. “And they are able to leverage that to bring money into the country.”
Until the cryptocurrency industry figures out how to protect itself against these hackers – or to prevent their coins from being laundered and converted into clean bills – the illicit and ethereal revenue stream of the Kim regime will only grow.
This story originally appeared on wired.com.