Bad actors from the Democratic People’s Republic of Korea (DPRK) masterminded one-third of all crypto hacks deployed last year, said a Jan. 5 report from TRB Labs.
Despite a 30% drop in 2022’s $850 million, North Korean crypto hackers, likely led by the infamous Lazarus Group, stole $600 million in digital assets last year. This figure could increase by $100 million if stoppage time hacks like the $80 million Orbit Bridge exploit become attributed to Lazarus and North Korea’s cybercriminal organizations.
According to TRB Labs, hackers affiliated with the DPRK siphoned roughly $1.5 billion from crypto in 24 months and have stolen nearly $3 billion since 2017. The attacks are typically carried out via social engineering campaigns targeted at staffers working for crypto start-ups and decentralized protocols.
Once a target has been compromised, Lazarus uses hijacked private keys and seed phrases, key aspects of cryptocurrency storage, to initiate unauthorized blockchain transactions. In most cases, the stolen assets are disbursed across many wallets, and a portion is eventually deposited into a crypto mixer like Tornado Cash or Sinbad.
North Korean hackers also cash out their hauls via OTC desks, exchanging choice tokens like Tether’s stablecoin USDT for fiat. The company has reportedly beefed up vigilance against money laundering and is working with the U.S. Treasury to combat illicit finance.
Protocols like Tornado Cash, Sinbad, and Blender.io that allow users to obfuscate transactions have also been sanctioned by the Treasury’s Office of Foreign Assets Control (OFAC).
OFAC sanctions underpin a larger “whole of government” approach toward Lazarus and its operations, which authorities believe funnels profits to North Korea’s nuclear program. The Financial Crimes Enforcement Network labeled crypto mixers a national security threat, while the U.S. has engaged other world governments.
Authorities from the U.S., South Korea, and Japan announced a trilateral initiative to tackle cryptocurrency money laundering by Lazarus and other DPRK-funder actors.
Source: https://crypto.news/north-korean-crypto-hackers-raided-600m-in-2023/