The past year saw an amazing rise in the value of cryptocurrencies such as Bitcoin and Ethereum, with Bitcoin rising 60% in value in 2021 and Ethereum soaring 80%. So perhaps unsurprisingly, the relentless North Korean hackers who make a living from the booming crypto economy also had a very good year.
North Korean hackers stole $395 million worth of cryptocurrency last year through seven breaches of cryptocurrency exchanges and investment firms, according to blockchain analysis firm Chainalysis. The nine-figure sum is an increase of nearly $100 million compared to the previous year's thefts by North Korean hacking groups, which have totaled $1.5 billion in cryptocurrency theft over the past five years alone, excluding the hundreds of millions of dollars the country has stolen from the traditional financial system. That money now goes to Kim Jong-un’s totalitarian regime, which is seeking to finance itself and its weapons program despite the country’s severe sanctions, isolation and economic woes.
“They were very successful,” said Erin Plante, senior director of investigations at Chainalysis. Its report calls 2021 a “signature year” for North Korean cryptocurrency theft. The findings suggest that North Korea’s global robbery has accelerated even during attempted crackdowns by law enforcement; for example, the U.S. Department of Justice indicted three North Koreans in absentia last February, accusing them of stealing at least $121 million from cryptocurrency businesses as well as a string of other financial crimes. Charges have also been laid against a Canadian man who allegedly helped launder money. But these efforts have not stopped the loss of cryptocurrency wealth. “We are pleased to see law enforcement agencies take action against North Korea,” Plante said, “but the threat remains and is growing.”
The Chainalysis numbers are based on the exchange rate at the time the money was stolen, so they do not merely reflect an appreciation in the value of cryptocurrencies. The increase in stolen funds also kept pace with last year’s number of thefts; the seven breaches tracked by Chainalysis in 2021 were three more than in 2020, although fewer than the 10 successful attacks by North Korean hackers in 2018, when they stole a record $522 million.
For the first time since Chainalysis began tracking North Korean cryptocurrency thefts, Bitcoin no longer represents most of the country’s stolen assets, accounting for only about 20 percent of stolen funds. Fifty-eight percent of these groups’ crypto earnings came from stolen ether, the unit of currency on the Ethereum network. Another 11% (~$40 million) came from stolen ERC-20 tokens, a form of cryptoasset used to create smart contracts on the Ethereum blockchain.
Chainalysis’ Plante attributes the increased focus on Ethereum-based cryptocurrencies (thefts totaled $272 million last year compared to $161 million in 2020) to soaring asset prices in the Ethereum economy, coupled with the emerging companies that growth has fostered. “Some of these exchanges and trading platforms are newer and may be more vulnerable to these types of intrusions,” she said. “They trade ether and ERC-20 tokens a lot, they’re just easier targets.”
While Chainalysis declined to name the majority of the victims of the hacking thefts it tracked last year, its report did attribute to North Korean hackers the theft of around $97 million in crypto from Japanese exchange Liquid.com in August, including $45 million in Ethereum tokens. (Liquid.com didn’t respond to WIRED’s request for comment on its August hack.) Chainalysis said it linked all seven 2021 cryptocurrency hacks to North Korea based on malware samples, hacking infrastructure and tracking stolen funds into a cluster of blockchain addresses it has determined to be controlled by North Korean hackers.
Chainalysis said the thefts were carried out by Lazarus, a loose group of hackers widely believed to be working for the North Korean government. But other hacker-tracking companies point out that Lazarus includes many different groups. Still, security firm Mandiant agrees with Chainalysis’ findings that stealing cryptocurrency has become a top priority for nearly every North Korean group it tracks, in addition to any other tasks they might perform.
Last year, for example, two North Korean groups that Mandiant calls TEMP.Hermit and Kimsuky both appeared to be responsible for targeting biomedical and pharmaceutical organizations, potentially stealing information related to COVID-19, said Fred Plan, a senior analyst at Mandiant. However, both groups continued to target cryptocurrency holders throughout the year. “The consistency of financially motivated operations and activities remains an undercurrent of all the other activities they have had to do over the past year,” Plan said.
Even the group Mandiant calls APT38, which previously focused on more traditional financial intrusions, such as the theft of $110 million from Mexican financial firm Bancomext and $81 million from Bangladesh Central Bank, now seems to have turned its attention to cryptocurrency targets. “Almost every North Korean group we tracked was involved in the cryptocurrency market in some way,” Plan said.
One reason hackers are focusing on cryptocurrencies rather than other forms of financial crime is undoubtedly the relative ease of laundering digital cash. For example, after APT38’s Bangladesh Bank robbery, North Koreans had to recruit Chinese money launderers to gamble tens of millions at a Manila casino to prevent investigators from tracing stolen funds. In contrast, Chainalysis found that these groups have many options for laundering stolen cryptocurrency. They cashed out their gains through exchanges with lax know-your-customer rules, mostly using Asian exchanges and swapping their cryptocurrencies for yuan. These groups often use “hybrid” services to obscure the source of the funds. In many cases, they have used decentralized exchanges designed to connect cryptocurrency traders directly, without intermediaries, and often with few anti-money laundering rules.
Chainalysis found that North Koreans are very patient in cashing out their stolen cryptocurrencies, often holding the funds for years before starting the money laundering process. In fact, the hackers appear to still be in possession of $170 million in unlaundered cryptocurrency stolen in previous years, which they will no doubt cash out over time.
All of those hundreds of millions will end up in the accounts of a highly militarized rogue state that has been heavily sanctioned for years, Mandiant’s Fred Plan said. “The North Korean regime has found that they have no choice. They don’t have any other real way of engaging with the world or the economy. But they do have this fantastic cyber capability,” Plan said. “And they were able to use it to bring money to the country.”
Until the cryptocurrency industry figures out how to protect itself from these hacks — or prevent their coins from being laundered and converted into clean bills — the Kim regime’s illicit, ethereal revenue stream will only continue to grow.
This story originally appeared on WIRED.