North's hackers cash in on cryptocurrency
![Pyongyang has ramped up its cryptocurrency heists over the past year to fund its illicit weapons programs, blockchain data platform Chainalysis reported Wednesday. [JOONGANG PHOTO]](https://koreajoongangdaily.joins.com/data/photo/2022/02/17/4de1452f-df92-4177-aac4-46c3b63ca397.jpg)
Pyongyang has ramped up its cryptocurrency heists over the past year to fund its illicit weapons programs, blockchain data platform Chainalysis reported Wednesday. [JOONGANG PHOTO]
Hackers affiliated with Pyongyang have drastically stepped up cryptocurrency heists and money laundering to fund its illicit weapons programs, with the total value of stolen cryptocurrency rising by 40 percent over the past year, according to a blockchain data analysis company on Wednesday.
North Korean-sponsored hacking groups committed “at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year,” Chainalysis said its 2022 Crypto Crime Report.
“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” the report said.
The report follows a similar finding by a panel of experts under a United Nations Security Council committee on North Korea sanctions in April, which identified cryptocurrency theft as a source of illicit financing for Pyongyang’s missile and nuclear development programs.
North Korea is estimated to have stolen $316.4 million in virtual assets, including cryptocurrencies, between 2019 and November 2020, according to an estimate by one member state of the Security Council, which was not identified.
The Security Council panel said that “cyberactors linked to the Democratic People's Republic of Korea continued to conduct operations against financial institutions and virtual currency exchange houses in 2020 to generate revenue to support its weapons of mass destruction" and ballistic missile programs, referring to the North by its official name.
Although the number of thefts of cryptocurrency gradually dropped between 2018 and 2020, the total value of stolen cryptocurrency rose between 2019 and 2021.
According to the Chainalysis report, the stolen cryptocurrency is laundered to mask its origin in a multi-stage process, whereby it is exchanged with other cryptocurrencies and eventually cashed out into fiat currency in Asia.
The report also said the North has ramped up its use of cryptocurrency mixers — software tools that “pool and scramble cryptocurrencies from thousands of addresses” to obfuscate and conceal the transactions.
Chainalysis observed a “massive increase in the use of mixers among DPRK-linked actors in 2021,” with 65 percent of stolen cryptoassests laundered through mixers in 2021 compared to 42 percent in 2020 and 21 percent in 2019.
Hackers affiliated with Pyongyang also use “complex tactics and techniques,” including phishing lures, code exploits and malware to launch cyberattacks and rob cryptocurrency houses and exchanges, according to the report.
“These behaviors, put together, paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale,” the report said.
“Systematic and sophisticated, North Korea’s government — be it through the Lazarus Group or its other criminal syndicates — has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021.”
Chainalysis singled out the Lazarus Group, which it labelled one of the "advanced persistent threats” backed by the North, as being the main organization carrying out cyberattacks against investment companies and cryptocurrency exchanges on behalf of North Korea.
Lazarus is believed to be operated by the Reconnaissance General Bureau (RGB), Pyongyang’s foreign intelligence agency, which is currently subject both U.S. and United Nations sanctions.
BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)