Hackers from North Korea stole almost $400 million worth of cryptocurrency in 2021 through at least seven attacks, and most of it was Ether, or ETH, rather than Bitcoin, according to blockchain analysis firm Chainalysis.
2021 was a record year for North Korea’s military hackers, the most notorious of which is Lazarus, the group behind the destructive wiper attack on Sony Pictures Entertainment in 2014, WannaCry ransomware in 2017, attacks on multiple banks via the SWIFT banking system, and numerous cryptocurrency exchanges.
Also known as APT 38, the group has focused on cryptocurrency theft as a chief vehicle for raising revenue for the country and evading US and UN economic sanctions. A UN panel of experts in 2018 concluded that its cryptocurrency hacks contribute to North Korea’s ballistic missile programs.
The group employs common tactics used by other nation-state hacking groups and cybercriminals, including social engineering, phishing and software exploits.
“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” Chainalysis said in its report.
Attacks from North Korean hackers in 2021 mostly targeted investment firms and centralized cryptocurrency exchanges, according to Chainalysis. The groups used social engineering to move funds from targets’ wallets to addresses controlled by North Korean accounts. The funds were then laundered and cashed out.
Last year, 68% of the funds that North Korean hackers stole were Ether, which replaced Bitcoin as the primary cryptocurrency. Bitcoin, however, still plays a key role in laundering stolen Ether by way of decentralized exchanges before being mixed into new wallets and then cashed out.
Cryptocurrency mixer or ‘tumbler’ software breaks down a user’s funds into small sums and blends them with other transactions in micro-transactions before sending an equal value to a new address. The US filed its first money laundering charges against a US Bitcoin mixing service in 2020.
“DPRK is a systematic money launderer, and their use of multiple mixers … is a calculated attempt to obscure the origins of their ill-gotten cryptocurrencies while offramping into fiat,” the report notes.
North Korea also has about $170 million in cryptocurrency holdings from 49 attacks that have yet to be laundered through mixers. Of that, $55 million came from attacks carried out in 2016 while $35 million came from attacks in 2020 and 2021.
Chainalysis notes that $97 million stolen from cryptocurrency wallets managed by Japanese cryptocurrency exchange Liquid.com in August was moved to addresses controlled by a party working on behalf of DPRK, resulting in $91.35 million being laundered.
North Korea’s hacks on cryptocurrency exchanges are well documented by the US Cybersecurity and Infrastructure Security Agency (CISA). The US government’s umbrella term for the country’s hacking is HIDDEN COBRA.
A February 2021 report from CISA details the work of North Korean hackers in connection with the AppleJeus malware that targeted Windows and Mac systems worldwide by posing as a legitimate cryptocurrency trading platform.