North Korea-linked hackers have allegedly stolen more than $200 million in cryptocurrencies this year, part of an estimated $2 billion that cybercriminals have made off with in the past five years, according to a U.S.-based blockchain intelligence firm.
While the amount of cryptocurrency stolen by North Korean hackers this year is down from last year’s $800 million, their cyberattacks are still “10 times larger” than those made by other actors, according to the report.
“North Korean hacks appear to be opportunistic—reflected by an array of target and exploit types that have resulted in unprecedented gains,” it reads.
According to the report, North Korea exploited vulnerabilities in the crypto ecosystem through phishing, supply chain attacks, and infrastructure hacks—which involve private key or seed phrase compromises.
The intelligence firm noted that such attack methods are typically enabled by conventional cyber operations, which allow the attackers to seize and transfer the cryptocurrency to wallets they control.
“In addition, there has been a pivot away from North Korea’s traditional revenue-generating activities, indicating that the regime is increasingly turning to cyber attacks to fund its weapons proliferation activity.”
On Jan. 13, the FBI stated that North Korean cyber actors used a privacy protocol called Railgun to launder more than $60 million worth of ethereum stolen during the theft in June.
North Korean Hackers Pose Risks
The U.S. government has blamed North Korea for several high-profile cyberattacks in recent years, including last year’s multimillion-dollar heist of Axie Infinity, a game in which players can earn cryptocurrency tokens.
“We assess that North Korea continues to engage in illicit activities, including cyber theft and the export of UN-proscribed commodities to fund regime priorities, including [its weapons of mass destruction program],” the report reads.
The intelligence community warned that North Korea could have the expertise “to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States.”
“Pyongyang is well positioned to conduct surprise cyber attacks given its stealth and history of bold action,” the report reads.
North Korea has conducted more than 100 weapons tests since the start of 2022, many of which have involved nuclear-capable missiles designed to strike the United States, South Korea, and Japan.