North Korean Attackers Have Stolen $200 Million Across 30 Crypto Heists in 2023: TRM Labs
A new report from blockchain analytics firm TRM Labs noted that North Korean hackers have stolen more than $2 billion in cryptocurrencies in the past five years. It estimated around $200 million in crypto heists this year alone.
According to TRM Labs insights, the stolen amount accounts for 30 hacks so far in 2023, which is less than 2022, but still “10 times larger than attacks by other actors.”
“Year-to-date, North Korea has stolen USD 200 million in cryptocurrency, accounting for over 20% of all stolen crypto this year.”
North Korea has previously denied allegations of hacking or other cyberattacks. However, a UN report said that attackers in the country stole more cryptocurrency assets in 2022 than in any other year and targeted the networks of foreign aerospace and defense companies.
“In 2023, although the total amount stolen in cryptocurrency attacks is down from a record-setting 2022, North Korea has maintained its focus on the crypto ecosystem,” the study wrote.
North Korean attackers carry out the heists in different ways, including phishing and supply chain attacks, and infrastructure hacks that involve private key or seed phrase compromises.
“In recent years, North Korea has almost exclusively targeted the DeFi ecosystem,” the report further noted. Additionally, cross-chain bridges, which hold increasing value, are targeted continuously.
North Korea’s Profits from Crypto Hacks
Last year was a record-breaking year for hacks, with $4 billion stolen, which largely came from North Korean state-affiliated hacking groups.
For instance, the Ronin Network, a sidechain built for the popular play-to-earn crypto game Axie Infinity, was attacked and $625 million was drained. The culprit was identified by US officials as a North Korean group, Lazarus, and the officials recovered close to $30 million.
The report said that the most lucrative hack in 2023 targeted a non-custodial wallet provider called Atomic Wallet. It reportedly resulted in the theft of approximately USD 100 million worth of cryptocurrency from over 4,100 individual addresses.
“The nature of the attack on Atomic Wallet indicates that the exploit was most likely carried out through a phishing or supply chain attack.”
The assets were drained from victim wallets on the Ethereum (ETH), Tron (TRON), Bitcoin (BTC), Ripple (XRP), Dogecoin (DOGE), Stellar (XLM) and Litecoin blockchains.
Furthermore, the anonymous hackers who operate from interior North Korean locations send the drained funds from wallets directly to centralized exchanges. Once the hack is discovered, “hackers then move the funds through a series of more complex laundering techniques,” the TRM forensics revealed.