North Korea-Linked Hackers Stole $200 Million in Crypto This Year: Report

TRM Labs alleged that North Korean hackers were responsible for over 20 percent of all cryptocurrency thefts this year.
North Korea-Linked Hackers Stole $200 Million in Crypto This Year: Report
Representation of cryptocurrency bitcoin is seen in this illustration taken on Nov. 29, 2021. Dado Ruvic/Reuters
Aldgra Fredly
Updated:
0:00

North Korea-linked hackers have allegedly stolen more than $200 million in cryptocurrencies this year, part of an estimated $2 billion that cybercriminals have made off with in the past five years, according to a U.S.-based blockchain intelligence firm.

TRM Labs reported on Aug. 18 that North Korean hackers have been responsible for more than 20 percent of all cryptocurrency thefts this year.

While the amount of cryptocurrency stolen by North Korean hackers this year is down from last year’s $800 million, their cyberattacks are still “10 times larger” than those made by other actors, according to the report.

“North Korean hacks appear to be opportunistic—reflected by an array of target and exploit types that have resulted in unprecedented gains,” it reads.

According to the report, North Korea exploited vulnerabilities in the crypto ecosystem through phishing, supply chain attacks, and infrastructure hacks—which involve private key or seed phrase compromises.

The intelligence firm noted that such attack methods are typically enabled by conventional cyber operations, which allow the attackers to seize and transfer the cryptocurrency to wallets they control.

“In recent years, there has been a marked rise in the size and scale of cyber attacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country’s nuclear and ballistic missile programs,” TRM Labs stated in June.

“In addition, there has been a pivot away from North Korea’s traditional revenue-generating activities, indicating that the regime is increasingly turning to cyber attacks to fund its weapons proliferation activity.”

Earlier this year, the FBI stated that a North Korea-affiliated hacker named the Lazarus Group, also known as APT38, was responsible for stealing $100 million from U.S. crypto firm Harmony’s Horizon Bridge last year.

On Jan. 13, the FBI stated that North Korean cyber actors used a privacy protocol called Railgun to launder more than $60 million worth of ethereum stolen during the theft in June.

A portion of the stolen ethereum was subsequently sent to several virtual asset providers and converted to bitcoin, it noted.

North Korean Hackers Pose Risks

The U.S. government has blamed North Korea for several high-profile cyberattacks in recent years, including last year’s multimillion-dollar heist of Axie Infinity, a game in which players can earn cryptocurrency tokens.
The U.S. Intelligence Community said in its 2022 report (pdf) that cyber actors linked to North Korea have conducted “espionage efforts against a range of organizations, including media, academia, defense companies, and governments, in multiple countries.”

“We assess that North Korea continues to engage in illicit activities, including cyber theft and the export of UN-proscribed commodities to fund regime priorities, including [its weapons of mass destruction program],” the report reads.

The intelligence community warned that North Korea could have the expertise “to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States.”

“Pyongyang is well positioned to conduct surprise cyber attacks given its stealth and history of bold action,” the report reads.

North Korea has conducted more than 100 weapons tests since the start of 2022, many of which have involved nuclear-capable missiles designed to strike the United States, South Korea, and Japan.

Reuters contributed to this report.