Cybercriminals linked to North Korea carried out at least seven attacks on cryptocurrency platforms last year, netting some $400 million in digital assets, according to blockchain analysis firm Chainalysis.
Calling 2021 a “banner year” for North Korean hackers, the Jan. 13 Chainalysis report said that many of the attacks were likely carried out by a group known to security researchers as APT 38, or the “Lazarus Group,” which is believed to operate under the regime’s main intelligence agency, the Reconnaissance General Bureau.
“These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected ‘hot’ wallets” into addresses controlled by the North Korean regime, Chainalysis said.
After seizing the crypto assets, the hackers began a “careful laundering process to cover up and cash out,” the report said, noting a significant increase in the rogue actors’ use of software tools called mixers to conceal their operations.
North Korea “is a systematic money launderer, and their use of multiple mixers—software tools that pool and scramble cryptocurrencies from thousands of addresses—is a calculated attempt to obscure the origins of their ill-gotten cryptocurrencies while offramping into fiat,” Chainalysis said.
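To make concrete why the pooling Chainalysis describes frustrates tracing, here is a small added example in Python. It is not Chainalysis’s tooling or data: the ledgers, address names and amounts are constructed for the illustration, and the proportional (“haircut”) taint rule it applies is one common blockchain-analysis heuristic, chosen here for clarity rather than anything the report attributes to the firm.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledgers: every address name and amount below is invented for the
# illustration. Each entry is (sender, receiver, amount), in chronological order.
LEDGER_NO_MIXER = [
    ("exchange_hot_wallet", "attacker_1", 100),   # the theft from the hot wallet
    ("attacker_1", "attacker_2", 100),            # hop through a fresh address
    ("attacker_2", "otc_desk", 100),              # cash-out point
]

LEDGER_WITH_MIXER = [
    ("exchange_hot_wallet", "attacker_1", 100),   # the theft from the hot wallet
    ("attacker_1", "mixer_pool", 100),            # deposit into the shared pool
    ("alice", "mixer_pool", 50),                  # unrelated users' deposits
    ("bob", "mixer_pool", 50),
    ("mixer_pool", "out_a", 50),                  # pool pays equal-sized outputs
    ("mixer_pool", "out_b", 50),                  #   to fresh addresses
    ("mixer_pool", "out_c", 50),
    ("mixer_pool", "out_d", 50),
    ("out_a", "otc_desk", 50),                    # attacker cashes out two of them
    ("out_c", "otc_desk", 50),
]


def reachable_from(ledger, source):
    """Naive tracing: every address reachable by following transfers forward
    from `source`. Ignores amounts, so once funds enter a shared pool every
    pool output is flagged, including those funded by bystanders."""
    reach = {source}
    changed = True
    while changed:
        changed = False
        for sender, receiver, _ in ledger:
            if sender in reach and receiver not in reach:
                reach.add(receiver)
                changed = True
    return reach


def haircut_taint(ledger, source):
    """Proportional ('haircut') taint: value leaving an address carries the
    same tainted share as that address's current balance. Returns, for each
    receiving address, the fraction of everything it ever received that
    traces back to `source`. Deposits from addresses with no tracked balance
    (bystanders) are treated as clean."""
    balance = defaultdict(Fraction)
    tainted_balance = defaultdict(Fraction)
    received = defaultdict(Fraction)
    tainted_received = defaultdict(Fraction)
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if sender == source:
            moved = amount                      # everything leaving the victim wallet is stolen
        elif balance[sender] > 0:
            moved = amount * tainted_balance[sender] / balance[sender]
            balance[sender] -= amount
            tainted_balance[sender] -= moved
        else:
            moved = Fraction(0)                 # external deposit: no taint
        balance[receiver] += amount
        tainted_balance[receiver] += moved
        received[receiver] += amount
        tainted_received[receiver] += moved
    return {addr: tainted_received[addr] / received[addr] for addr in received}


if __name__ == "__main__":
    for name, ledger in (("no mixer", LEDGER_NO_MIXER), ("with mixer", LEDGER_WITH_MIXER)):
        taint = haircut_taint(ledger, "exchange_hot_wallet")
        reach = sorted(reachable_from(ledger, "exchange_hot_wallet"))
        print(f"{name}: reachable={reach}")
        print(f"{name}: taint at otc_desk={taint['otc_desk']}")
```

Without the mixer, every unit arriving at `otc_desk` traces to the theft. After pooling with two equal clean deposits, naive reachability flags all four outputs, including the two funded by bystanders, while the proportional rule can only say that each output, and the cash-out, is half tainted: the one-to-one link the analyst needs is gone, which is the effect the report describes. Real mixers add timing delays and far larger anonymity sets, and analysts combine taint with other heuristics, but the loss of linkage is the same.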
The Lazarus Group has stolen and laundered vast sums of digital currency every year since 2018, typically in excess of $200 million, according to Chainalysis. The number of North Korea-linked cyberattacks rose from four in 2020 to seven in 2021, while their value in dollar terms rose by around 40 percent, the firm added.
While North Korea has denied involvement, its regime has been linked to major cyberattacks, including a 2013 campaign that paralyzed the servers of South Korean financial institutions, the 2014 hacking of Sony Pictures, and the WannaCry malware attack of 2017.
The 2014 Sony hack led to the release of tens of thousands of confidential Sony emails and business files. The WannaCry ransomware attack in 2017 encrypted data on hundreds of thousands of computers at government agencies, banks, and other businesses across the globe and crippled parts of the British health care system.
In February 2021, U.S. authorities charged three computer programmers linked to North Korea with a massive hacking spree aimed at stealing more than $1.3 billion in money and cryptocurrency from financial institutions and companies.
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” Acting U.S. Attorney Tracy L. Wilkison for the Central District of California said in a statement at the time. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
The U.N. Security Council said in a 2019 report that ill-gotten gains from North Korea-linked hacks have been used to bolster the regime’s ballistic missile program and other weapons systems.