North Korean Hackers Carefully Stole $400 Million in Crypto Last Year

North Korean hackers stole almost $400 million in cryptocurrency from at least seven cyberattacks against exchange platforms last year.

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” according to a recent report from blockchain analysis firm Chainalysis. “Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out.”

While Chainalysis neglected to identify every target of the hacks, the report detailed that they had primarily been investment firms and centralized exchanges. One such exchange,, had reported unauthorized access to several wallets it managed in August last year.

According to the report, the hackers used a variety of skills to extract funds from these organizations’ wallets into North Korea-controlled addresses. These included phishing lures, code exploits, malware, and advanced social engineering techniques. Additionally, the report detailed that North Korea significantly increased the use of ‘mixers’ to launder the stolen cryptocurrency. 

Lazarus Group

It seems likely that many of these cyberattacks had been carried out by the Lazarus Group, which the United States said is controlled by the Reconnaissance General Bureau, the primary intelligence bureau of North Korea. The group has previously been accused of involvement in the “Wanna Cry” ransomware attacks and the cyberattacks perpetrated against Sony Pictures in 2014. 

Last year, the United States charged three North Korean programmers with a massive, years-long hacking spree, allegedly hoping to steal $1.3 billion in cash and crypto. Meanwhile, South Korean media outlets reported late last year that North Korea had hacked 2 trillion won ($1.7 billion) worth of cryptocurrencies from exchanges. The reports also noted that the hackers seemed to be holding the assets, rather than selling them immediately for cash.

For its part, the Chainalysis report identified $170 million in unlaundered cryptocurrency holdings from 49 distinct hacks that occurred between 2017 to 2021. While unsure about their ultimate motives, the report said it demonstrated deliberate forethought on the part of the hackers. “Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.