- North Korean exploiters account for 20% of the total amount of crypto looted in 2023.
- TRM Labs states North Korean hackers have become more industrious with on-chain laundering methods.
Blockchain intelligence firm TRM Labs’ latest report has disclosed that hackers affiliated with North Korea have managed to siphon off more than $200 million in cryptocurrency this year alone, accounting for a staggering 20% of all stolen digital assets in 2023.
According to TRM Labs, the ongoing year has witnessed an unsettling surge in cyberattacks, with North Korean hackers emerging as the masterminds behind a substantial chunk of these illicit activities. Over the past five years, their audacious heists have amounted to an astonishing $2 billion worth of cryptocurrency, underscoring the severity of the threat they pose to the global digital economy.
While the year remains far from its conclusion, the current figures already signal a significant dent in the cryptocurrency ecosystem. However, TRM Labs also noted that the previous year, 2022, stands out as a particularly lucrative period for cybercriminals. During this time, hackers executed a series of daring exploits, netting a whopping $800 million in stolen cryptocurrency. Their modus operandi primarily revolved around targeting decentralized finance (DeFi) protocols, with three major attacks concentrating on cross-chain bridges.
The techniques used by these hackers vary in complexity, ranging from phishing attacks to supply chain infiltrations that compromise private keys and seed phrases. However, one prominent evolution in their tactics lies in the realm of on-chain laundering methods. TRM Labs noted that, in response to heightened OFAC sanctions, intensified law enforcement scrutiny, and enhanced tracing capabilities, North Korean hackers have transitioned from utilizing straightforward cryptocurrency exchanges for cashing out to deploying intricate “multi-stage money laundering processes.”
This year’s hacking spree included a particularly audacious attack on Atomic Wallet users in June, which netted the cybercriminals around $100 million worth of Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin. TRM Labs shed light on the modus operandi of these thieves, revealing that the looted Ethereum was funneled through a series of new addresses controlled by the hackers. These addresses were facilitated by stolen wrapped Ether (WETH), which was then swapped for wrapped Bitcoin (WBTC) before being converted into Bitcoin and subsequently mixed through various services to obfuscate their origins.
Earlier in the year, TRM Labs unveiled that the first quarter of 2023 experienced a noticeable reduction in hacking incidents. This shift was attributed to concerted recovery efforts within the cryptocurrency space and the imposition of sanctions on the Ethereum mixer known as Tornado Cash.
TRM Labs has stressed the imperative of fortified cybersecurity in the face of escalating cyber threats. The firm advocates for the implementation of hardware security modules for robust cryptographic key management, the establishment of whitelisted addresses to restrict funds transfers to trusted recipients, and secure offline storage solutions for cryptographic keys and passphrases.
In a chilling reminder of the audacious nature of these cybercriminals, last year’s exploits alone saw North Korean hackers steal over $800 million. A dark highlight in their criminal portfolio remains the mammoth cryptocurrency heist of March 2022, where the hackers brazenly walked away with a staggering $625 million from the Ronin Bridge, employing stolen private keys to orchestrate the grand theft.