In what Chainalysis has dubbed a “banner year” for North Korean cybercriminals, a recent report by the blockchain research company has revealed that almost $400 million worth of digital assets were stolen across at least seven attacks in 2021.
The report explores how investment firms and centralised exchanges were primarily targeted and techniques such as phishing, code exploits, malware and social engineering were used to extract funds from these “organizations’ internet-connected ‘hot’ wallets into DPRK-controlled addresses.”
Connected to the internet and therefore, vulnerable to hacking, hot wallets are not recommended and it is advised that cryptocurrency is stored in wallets that are disconnected. Chainalysis believes that a number of the 2021 attacks were conducted by the Lazarus Group, a hacking group thought to be controlled by North Korea's primary intelligence bureau, Reconnaissance General Bureau.
The Lazarus Group was previously accused of involvement in the "WannaCry" ransomware attacks, hacks of international bank and customer accounts and the Sony Pictures cyber attacks in 2014.
Chainalysis also claims that once these funds were attained, a "laundering cover up and cash out" endeavour ensued. From 2020 to 2021, the number of North Korean-linked hacks increased from four to seven, and the value extracted from these hacks grew by 40%.
Further, the report also reveals that for the first time, Ether was the cryptocurrency that made up most of the funds that were stolen, at 58%.
“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins,” the report adds, suggesting that the variety of cryptocurrencies stolen can be attributed to North Korea’s laundering operation becoming increasingly sophisticated.