North Korean hackers stole nearly $400 million in crypto last year



The value of cryptocurrencies like Bitcoin and Ethereum went up in the past year, with the value spiking 80 percent in 2021. It's no surprise that the relentless North Korean hackers who feed off that cryptocurrency boom had a very good year.

A total of $395 million worth of coins were stolen by North Korean hackers last year, according to Chainalysis. Over the past five years, the country has stolen hundreds of millions of dollars from the traditional economy, and the nine-figure sum represents a nearly $100 million increase over the previous year's thefts by North Korean hacker groups. Kim's regime is able to fund itself and its weapons programs despite the country's sanctions because of the amount of stolen cryptocurrency.

According to a report by Chainalysis, the year of 2021 will be a "banner year" for North Korean cryptocurrency thefts. The US Justice Department indicted three North Koreans in absentia in February of last year, accusing them of stealing at least $121 million from cryptocurrencies, and the findings show that North Korea's global, serial robberies have accelerated even in the midst of an attempted law enforcement crackdown. A Canadian man was charged with helping to launder the funds. The efforts haven't stopped the hemorrhaging of wealth. "We were excited to see actions against North Korea from law enforcement agencies," Plante says, "yet the threat persists and is growing."

The Chainalysis numbers don't just show an appreciation of the value of the currency, they also show how much money was stolen. The number of stolen funds increased last year, but the number of successful attacks was less than in the previous year.

For the first time since Chainalysis began tracking North Korean thefts, the majority of the stolen funds have been accounted for by Bitcoin. The group's gains came in the form of stolen ether, the network's currency unit. Around 40% of the total came from stolen ERC-20 tokens, a form of token used to create smart contracts on the Ethereum platform.

The price of assets in the Ethereum economy combined with the growth of new companies has led to an increase in the number of thefts. She says that some of the exchanges and trading platforms are newer and more vulnerable to intrusions. They're trading in ether and ERC-20 tokens, and they're easy targets.

Chainalysis didn't identify most of the victims of the hacker thefts it tracked last year, but it blamed North Korean hackers for the theft of around $97 million in cryptocurrencies from the Japanese exchange Liquid.com in August. WIRED asked Liquid.com for comment on the August hacker breach. Chainalysis says it linked the hacks to the North Korean hackers because of the samples, infrastructure, and stolen money.

The thefts were carried out by Lazarus, a group of hackers who are believed to be working for the North Korean government. Other hacker-tracking firms have pointed out that Lazarus has many distinct groups. Mandiant echoes Chainalysis' findings that stealing cryptocurrencies is a priority for virtually all of the North Korean groups it tracks.

Fred Plan, a senior analyst at Mandiant, says that last year two North Korean groups called TEMP.Hermit and Kimsuky were likely tasked with stealing information related to COVID-19. Both groups continued to target holders of cryptocurrencies. Plan says that the consistency of financially motivated operations and campaigns is the main reason for all the other activities they had to do in the past year.

The group Mandiant calls APT38, which has previously focused on more traditional financial intrusions, such as the theft of $110 million from the Mexican financial firm Bancomext and $81 million from Bangladesh's Central Bank, now appears to have turned its sights on cryptocurrencies. Plan says that almost all of the North Korean groups have a stake in the pie of cryptocurrencies.

The relative ease with which digital cash can be laundered is one of the reasons why the hackers have focused on it. The North Koreans had to use Chinese money launderers to gamble their money at a casino in Manila in order to prevent investigators from tracking the stolen funds. Chainalysis found that the groups have a lot of options to move the stolen currency. They've used exchanges based in Asia to exploit their gains and have less-than-stringent compliance with "know-your-customer" regulations. The groups have used "mixing" services to obscure the money's origins. They've used a variety of methods to connect cryptocurrencies traders with no middleman, often with little in the way of anti-money-laundering rules.

The North Koreans have been very patient in cashing out their stolen coins, often holding onto the funds for years before beginning to launder them. The $170 million in unlaundered cryptocurrencies that the hackers are still holding on to is a good indicator of how much they will cash out over time.

Mandiant's Fred Plan says that all of the hundreds of millions will end up in the accounts of a nation that has spent years under sanctions. The North Korean regime knows they don't have any other options. They don't have a way of engaging with the world or the economy. Plan says they have a pretty awesome cyber capability. They're able to bring money into the country.

The Kim regime's revenue stream will only continue to grow until they figure out how to prevent their coins from being laundered and converted into clean bills.

The story was originally on wired.com.