North Korean hackers are sitting on $170 million worth of unlaundered crypto 

Share This Post

Cybercriminals for the Democratic People’s Republic of Korea (DPRK) affirmed themselves as an advanced persistent threat to the cryptocurrency industry in 2021, Chainalysis reported.

According to the blockchain-based data platform which supports government and private sectors in detecting and preventing the illicit use of cryptocurrencies, North Korean hackers stole $400 million worth of crypto last year, while the amount of total unlaundered funds stockpiled to an all-time high (ATH).

“Lazarus Group”

Targeting primarily investment firms and centralized exchanges, North Korean hackers launched at least seven attacks on cryptocurrency platforms–extracting almost $400 million worth of crypto in 2021.

While, compared to 2020, the number of attacks jumped from four to seven, the value extracted grew by 40%.

North-Korean hacks over time (Chainalysis)

To siphon funds out of these organizations’ “hot” wallets into DPRK-controlled addresses, cybercriminals used phishing lures, code exploits, malware, and advanced social engineering.  

Once North Korea gained custody of the stolen crypto, they used careful laundering tactics to cover up and cash out the funds. 

“These complex tactics and techniques have led many security researchers to characterize cyber actors for the DPRK as advanced persistent threats (APTs),” the report noted, adding this is particularly true for APT 38, aka the “Lazarus Group,” led by DPRK’s primary intelligence agency, the US and UN-sanctioned Reconnaissance General Bureau

From 2018 on, Lazarus Group stole and laundered massive sums of cryptocurrencies each year–typically exceeding $200 million. 

“The most successful individual hacks, one on KuCoin and another on an unnamed cryptocurrency exchange, each netted more than $250 million alone,” read the report, noting that, according to the UN security council, the revenue from the hacks supports North Korea’s WMD and ballistic missile programs.

Laundering process

In 2021, in terms of dollar value, Ethereum for the first time ever accounted for the majority of crypto stolen by DPRK, while Bitcoin accounted for only 20%, and ERC-20 tokens and altcoins accounted for 22% of the funds. 

Share of stolen crypto funds by coin type over time (Chainalysis)

The growing variety of cryptocurrencies stolen led to the increased complexity of DPRK’s crypto laundering, according to Chainalysis, which broke down the sophisticated process into several steps, observing an increased use of ‘mixers’ among North-Korean hackers in 2021.

These software tools enable hackers to pool and shuffle cryptocurrencies from thousands of addresses and vastly complicate the tracking of transactions.

Chainalysis explained the currently used tactics based on one of the past years’ attacks–resulted in $91.35 million in crypto laundered.

In August, Liquid.com reported that an unauthorized user had gained access to some of the wallets managed by the crypto exchange. In the attack, 67 different ERC-20 tokens, along with large sums of Ethereum and Bitcoin were moved from these crypto wallets to addresses controlled by a party working on behalf of DPRK. 

In a typically used laundering process, ERC-20 tokens and altcoins are swapped for Ethereum at DEXs.

Laundering process visualization in Chainalysis Reactor: Stolen ERC-20 tokens swapped for Ethereum at DEXs (Chainalysis)

In the next step, Ethereum is mixed and swapped for Bitcoin on DEXs and CEXs.

Laundering process visualization in Chainalysis Reactor: Mixed Ethereum deposited at DEXs and CEXs to swap for Bitcoin (Chainalysis)

Finally, Bitcoin is mixed and consolidated into new wallets–after which it gets sent to deposit addresses at crypto-to-fiat exchanges based in Asia.

Laundering process visualization: Bitcoin is mixed, consolidated into new wallets, and deposited at crypto-to-fiat exchange services for cash out (Chainalysis)
Laundering process visualization: Bitcoin is mixed, consolidated into new wallets, and deposited at crypto-to-fiat exchange services for cash out (Chainalysis)

According to the report, more than 65% of DPRK’s stolen funds were laundered through mixers in 2021, up from 42% in 2020.

Chainalysis describes DPRK’s use of multiple mixers as a “calculated attempt to obscure the origins of their ill-gotten cryptocurrencies while off ramping into fiat.” 

Meanwhile, DPRK hackers resort to DeFi platforms like DEXs to “provide liquidity for a wide range of ERC-20 tokens and altcoins that may not otherwise be convertible into cash.” 

Swapping these cryptos for Ethereum or Bitcoin makes them not only more liquid, but opens up a greater choice of mixers and exchanges. 

Being non-custodial, DeFi platforms often don’t collect know-your-customer (KYC) information, which enables hackers to use their services without having their assets frozen or their identities exposed, according to Chainalysis.

Unlaundered funds stockpiling

“Chainalysis has identified $170 million in current balances–representing the stolen funds of 49 separate hacks spanning from 2017 to 2021–that are controlled by North Korea but have yet to be laundered through services,” read the report.

The report revealed massive unlaundered balances as much as six years old–approximately $35 million of DPRK’s total holdings came from attacks in 2020 and 2021, while more than $55 million came from attacks carried out in 2016.

Balances held by DPRK by year of attacks (Chainalysis)
Balances held by DPRK by year of attacks (Chainalysis)

“It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched,” read the report, adding that whatever the reason “the length of time that DPRK is willing to hold on to these funds is illuminating because it suggests a careful plan, not a desperate and hasty one.” 

The post North Korean hackers are sitting on $170 million worth of unlaundered crypto  appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

ApeCoin Holds Steady At Key Level – Can A Rebound Follow?

ApeCoin is holding steady at the crucial $1 support level, fueling speculation on whether the bulls are ready for a comeback as it maintains its position above this key mark Recent bearish pressure

Ethereum Price Completes 12 Weeks Of Bottom Formation, Analyst Says Don’t Aim Lower Than $4,900 ATH

Technical analysis suggests the days of the Ethereum price consolidation might be over very soon At the time of writing, Ethereum is trading with a 007% gain in the past 30 days, which reveals the

DOJ Takes Down Rug Pull Duo Behind $400,000 NFT Debacle

A federal jury convicted a man for orchestrating an NFT rug pull scheme, pocketing nearly $400,000 through abandoned projects and cryptocurrency laundering schemes The NFT Rug Pull That Went Too Far

Nexo Launches Digital Asset Wealth Platform in Strategic Rebrand

Nexo has announced a rebranding initiative, repositioning itself as a digital asset wealth platform aimed at long-term crypto wealth management Nexo Targets Wealthy Investors With Rebrand Amid Crypto

Tether hits $7.7 billion in profit YTD as reserves reach record high

Tether Limited reported $25 billion in net profit for the third quarter, bringing its year-to-date profits to a record-breaking $77 billion The firm’s strong third-quarter numbers were

Ethereum Setting Up For A Potential Upward Breakout Rally, Here’s How

Crypto enthusiasts and investors’ confidence in a major rally for Ethereum, the second largest digital asset, has grown strongly following ETH’s renewed price performance, triggered by a