North Korean Hackers Stole Millions of Dollars Worth of BTC and Cryptocurrencies in 2023

• Hackers associated with North Korea have stolen over $200 million in cryptocurrency by 2023, making up 20% of all stolen cryptocurrencies this year.
• This theft is part of a robbery that cybercriminals have carried out in an amount of over $2 billion in the past five years, including attacks on 30 different crypto projects.
• Last year was the most successful year for hackers, with over $800 million in cryptocurrency stolen. Three major attacks targeted DeFi protocols, including a $625 million theft from the Ronin Bridge in March.

Hackers associated with North Korea account for 20% of this year’s attacks: the value of stolen cryptocurrencies in 2023 has exceeded $200 million.

North Korean Hackers Make a Big Heist

Hackers associated with North Korea have stolen over $200 million in cryptocurrency by 2023, making up 20% of all stolen cryptocurrencies this year. This information was revealed in a report prepared by blockchain intelligence firm TRM Labs.

This theft is part of a robbery that cybercriminals have carried out in an amount of over $2 billion in the past five years, including attacks on 30 different crypto projects. Additionally, a significant portion of these attacks has focused on the decentralized finance (DeFi) space and specifically targeted different chain bridges.

Last year was the most successful year for hackers, with over $800 million in cryptocurrency stolen. Three major attacks targeted DeFi protocols, including a $625 million theft from the Ronin Bridge in March. North Korean hackers use various techniques such as chain hopping and mixers to launder stolen funds and quickly convert them into cash on exchanges with lower KYC/AML controls.

In June of this year, hackers targeted Atomic Wallet users, resulting in the theft of various cryptocurrencies including Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin, totaling $100 million. According to TRM Labs, the criminals transferred the stolen Ethereum to different addresses they controlled using the stolen WETH. They then exchanged the WETH for WBTC and converted it to Bitcoin, sending the funds to mixing services to obscure their origin.

Hackers’ Techniques and the Importance of Strong Cybersecurity

Over time, North Korean hackers have developed ten chain hopping methods, transitioning from directly using cryptocurrency exchanges to highly complex, multi-stage money laundering processes. This evolution has occurred in response to more aggressive OFAC sanctions, increased focus from law enforcement authorities, and improved tracking capabilities.

According to the TRM Labs report, “chain hopping,” a money laundering technique that involves converting and moving different crypto assets across multiple chains to obfuscate their trail, is a prominent technique used by hackers.

TRM Labs emphasizes the importance of strong cybersecurity measures such as hardware security modules for encryption key management, address whitelisting to limit transfers to trusted recipients, and secure offline storage for keys and passwords. The firm also highlights the individual responsibility of the DeFi community in protecting assets.

The findings of the report highlight the increasing presence of cybercrime threats in the cryptocurrency space, particularly in the DeFi sector, and underscore the growing necessity for security measures and regulatory oversight in the face of significant amounts of stolen funds and the techniques employed by hackers.

The focus on DeFi protocols and the evolution of money laundering techniques reflect cybercriminals’ adaptability in response to regulatory measures and technological advancements in the cryptocurrency space.