North Korean hackers ramped up crypto attacks in 2021
Cybercriminals working from North Korea launched at least seven attacks on cryptocurrency platforms in 2021 that extracted nearly $400m worth of digital assets, a study has found.
A report from Chainalysis found the attacks targeted primarily investment firms and centralised exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds.
Once North Korea gained custody of the funds, the hackers began a careful laundering process to cover up and cash out.
Last year, experts at the United Nations said that North Korea was using the crypto funds to help finance its domestic nuclear weapons programme. In 2019, the renegade state was found to have launched 35 cyber attacks on 17 countries with that express purpose. It was also blamed for the WannaCry virus which took down NHS computer systems in 2017.
Chainalysis said the complex tactics employed by the North Korean hackers have led many security researchers to characterise them as advanced persistent threats (APTs).
This is especially true for APT 38, also known as “Lazarus Group,” which is led by the country’s primary intelligence agency.
While the report referred to the attackers as North Korean-linked hackers more generally, many of these attacks were likely carried out by the Lazarus Group in particular, it said.
Lazarus Group first gained notoriety from its Sony Pictures and WannaCry cyber attacks, but it has since concentrated its efforts on cryptocurrency crime, which has proved “immensely profitable”.
From 2018 onwards, the group has stolen and laundered massive sums of virtual currencies every year, typically in excess of $200m (£147m).
The most successful individual hacks, one on KuCoin and another on an unnamed cryptocurrency exchange, each netted more than $250m alone.
In 2021, North Korean hacking activity was found to be on the rise: the number of hacks linked to the country jumped from four to seven, and the value extracted from these hacks grew by 40 per cent.
In 2021, only 20 per cent of the stolen funds were Bitcoin, whereas 22 per cent were either ERC-20 tokens or altcoins. Ether accounted for a majority of the funds stolen at 58 per cent.
Chainalysis has identified $170m in current balances – representing the stolen funds of 49 separate hacks spanning from 2017 to 2021 – that are controlled by North Korea but have yet to be laundered through services known as “mixers”.
"Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one," Chainalysis concluded.