According to recent data from Chainalysis, it appears that crypto hackers from North Korea have taken almost $400 million worth of crypto through cyberattacks throughout 2021.
The blockchain analytics firm’s report from January 13 also shows that the type of crypto stolen has seen a sea change. In 2017, most of the crypto stolen by the DPRK was BTC, but now, it seems that only one-fifth of the total amount stolen is Bitcoin.
According to the report, attacks from North Korea (DPRK) in 2021 mostly targeted “investment firms and centralized exchanges.” Not only that, the attackers employed various ways to maliciously take these funds, including code exploits, advanced social engineering, and phishing lures.
The UN Security Council claims that the DPRK steals crypto to dodge economic sanctions. Not only that, but it reportedly uses the stolen funds to support ballistic missile programs and nuclear weapons. It’s clear that the threat the DPRK poses to global crypto platforms has become even more imminent.
Nowadays, Chainalysis refers to these hackers (e.g., Lazarus Group) as advanced persistent threats (APTs). For the past three years, threats from such groups have significantly increased, especially after 2018’s all-time high of more than $500 million worth of stolen crypto.
Chainalysis’ report also reveals that the hackers thoroughly laundered these funds. These groups use several methods to do so, including the ‘Peel Chain’ method and chain hopping. Recently, hackers have also been employing coin swaps and mixing, making things even more complex.
The hackers used mixers for more than 65% of the stolen funds from 2021. For the unfamiliar, a mixer is a software-based privacy system. It allows users to cover up the destination and source of the assets they send. More and more hackers prefer to use decentralized exchanges because they don’t require permission and offer sufficient liquidity.
As an illustration, Chainalysis used the cyberattack on Liquid.com from August 19, 2021, to showcase how DPRK hackers launder the assets. During that hack, $91 million worth of crypto was stolen. At first, the hackers swapped the ERC-20 coins for Ether using DEXs. They then sent the ETH to a mixer and exchanged it for Bitcoin, which was mixed again.
Lastly, the hackers sent the BTC to centralized Asian exchanges, which were most likely a fiat off-ramp.