In 2021, the value of crypto coins like Ethereum and Bitcoin rose sharply, luring thousands of investors worldwide. Unfortunately, North Korean hackers also noticed the rise in value.
Fake or scam crypto projects duping people of their money have made headlines in the last few years. Moreover, the cryptocurrency exchanges are not as safe as they are said to be as hackers are devising new ways to break through the defense of exchanges to steal cryptocurrency.
2021 was a banner year for North Korean hackers
North Korea-based hackers managed to steal a considerable amount of money from the crypto exchanges. The finding comes from Chainalysis, a Blockchain analysis firm. It says the North Korean hackers stole crypto coins worth US$395 million in 2021.
The nine-figure sum represents a nearly US$100 million increase over the previous year’s thefts by North Korean hacker groups, and it brings their total haul over the past five years to US$1.5 billion in cryptocurrency alone — not including the uncounted hundreds of millions more the country has stolen from the traditional financial systems.
That hoard of stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un’s totalitarian regime as it seeks to fund itself — and its weapons programs — despite the country’s heavily sanctioned, isolated, and ailing economy.
“They’ve been very successful,” says Erin Plante, a senior director of investigations at Chainalysis, whose report calls 2021 a “banner year” for North Korean cryptocurrency thefts.
Thefts increase despite a law enforcement crackdown
The findings show that North Korea’s global serial robberies have accelerated even amid an attempted law enforcement crackdown; the U.S. Justice Department, for instance, indicted three North Koreans in absentia in February of last year, accusing them of stealing at least US$121 million from cryptocurrency businesses, along with a slew of other financial crimes.
Charges were also brought against a Canadian man who allegedly helped launder the funds. But those efforts haven’t stopped the hemorrhaging of crypto wealth. “We were excited to see actions against North Korea from law enforcement agencies,” Plante says, “yet the threat persists and is growing.”
The seven breaches Chainalysis tracked in 2021 amount to three more than in 2020, though fewer than the 10 successful attacks that North Korean hackers carried out in 2018 when they stole a record US$522 million.
Ether is the cryptocurrency of choice for North Korean hackers
Bitcoin no longer represents anywhere near the majority of North Korea’s take, accounting for only around 20 percent of the stolen funds. Fully 58 percent of the groups’ cryptocurrency gains came instead in the form of stolen ether, the Ethereum network’s currency unit.
Another 11 percent, around US$40 million, came from stolen ERC-20 tokens, a form of crypto-asset used to create smart contracts on the Ethereum blockchain.
Chainalysis’ Plante attributes that increased focus on Ethereum-based cryptocurrencies — US$272 million in total thefts last year versus US$161 million in 2020 — to the skyrocketing price of assets in the Ethereum economy, combined with the nascent companies that growth has fostered.
All thefts point to Lazarus
Chainalysis says it linked all seven 2021 cryptocurrency hacks to North Korean hackers based on malware samples, hacking infrastructure, and following the stolen money into clusters of blockchain addresses it has identified as controlled by the North Korean hackers.
Chainalysis says the thefts were all carried out by Lazarus, a loose grouping of hackers all widely believed to be working in the service of the North Korean government. But other hacker-tracking firms have pointed out that Lazarus comprises many distinct groups.
Last year, for instance, two North Korean groups, TEMP.Hermit and Kimsuky, both seemed tasked with targeting biomedical and pharmaceutical organizations. Yet both groups also targeted cryptocurrency holders throughout 2021.
Another group called APT38 — which has previously focused on more traditional financial intrusions, such as the theft of US$110 million from the Mexican financial firm Bancomext and US$81 million from Bangladesh’s Central Bank — now appears to have also turned its sights on cryptocurrency targets.
One reason the hackers have focused on cryptocurrency over other forms of financial crime is no doubt the relative ease of laundering digital cash. Many groups have cashed out their gains through exchanges, primarily exploiting in Asia and trading their cryptocurrency for Chinese RMB.
Until the cryptocurrency industry figures out how to secure itself against these hackers — or to prevent their coins from being laundered and converted into clean bills — the Kim regime’s illicit, ethereal revenue stream will only continue to grow.
