Report Shows North Korean Hackers Stole Nearly $400 Million in Crypto in 2021

By Phil Stafford | January 15, 2022 | In Bitcoin, Crime, Crypto News, Ethereum

North Korean hackers launched at least seven attacks against cryptocurrency platforms last year, netting almost US$400 million worth of digital assets, according to a Chainalysis report.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the blockchain analytics firm’s team claims in its blog post.

Ethereum Looms Large Among Stolen Funds

The overwhelming majority (58 percent) of stolen funds was Ethereum, with Bitcoin accounting for less than a quarter of the 2021 haul. Incidentally, a prominent Ethereum developer pleaded guilty last September to a federal charge of conspiring with the North Korean government to evade US sanctions law.

According to Chainalysis, the typical laundering process starts by swapping Ethereum-based ERC-20 tokens and other cryptocurrencies for Ethereum (ETH) via a decentralised exchange. The ETH is then put through a so-called mixer, which Chainalysis describes as “software tools that pool and scramble cryptocurrencies from thousands of addresses”. Those funds are then swapped for bitcoin, mixed a second time, and consolidated into a new wallet.

Crypto Laundering Up More Than 40% in Two Years

The mixed bitcoin is then sent to deposit addresses where crypto can be converted into a fiat currency, typically at exchanges elsewhere on the Asian continent. Over 65 percent of the North Korean rogue regime’s stolen funds were laundered through mixers in 2021. In 2020 and 2019, the respective numbers were 42 percent and 21 percent.

The Chainalysis report, released on January 13, blames the crypto heists on a state-sponsored, North Korea-based hacking group called Lazarus, best known for masterminding the 2014 Sony Pictures hack and the WannaCry ransomware attack of 2017.

Since the latter incident, the group has stolen hundreds of millions in cryptocurrencies from virtual exchanges and investment firms. The UN claims Lazarus’ goal is to fund North Korea’s government and nuclear weapons programs.

From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40 percent.

Chainalysis report

$170 Million Stolen in 49 Hacks Yet to Be Laundered

One of the hacks involved crypto exchange Liquid.com, which lost US$91.5 million to the group. By tracking the Lazarus attacks, Chainalysis claims to have uncovered several cryptocurrency wallets the North Korean hackers are using to stockpile a fortune.

“Chainalysis has identified US$170 million in current balances – representing the stolen funds of 49 separate hacks from 2017 to 2021 – that are controlled by North Korea but have yet to be laundered through services,” the Chainalysis report noted, adding:

“It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down so they can cash out without being watched.”

Chainalysis report

In February last year, the US Department of Justice charged three hackers associated with the Lazarus group with theft and extortion of cryptocurrencies between 2017 and 2020.

Phil Stafford

Phil is a long-standing Australian journalist with specialised experience in business, finance, travel and popular culture.
