The analytics firm says North Korea-related hacks rose from four in 2020 to seven in 2021.
North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million in digital assets last year, one of its most successful years on record, blockchain analytics firm Chainalysis said in a new report.
“From 2020 to 2021, the number of North Korea-related hacks increased from four to seven, and the value extracted from those hacks increased by 40 percent,” the report, released on Thursday, said.
“Once North Korea obtained custody of the funds, it began a thorough laundering process to conceal and cash out,” the report added.
A United Nations panel that monitors sanctions against North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
North Korea does not respond to media inquiries, but has previously issued statements denying the hacking allegations.
Last year the United States indicted three North Korean computer programmers working for the nation’s intelligence service over a huge, years-long hacking spree aimed at stealing more than $1.3 billion in cash and cryptocurrency, affecting businesses ranging from banks to Hollywood movie studios.
Chainalysis did not identify all of the targets of the hacks, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to some of the cryptocurrency wallets it managed.
Attackers used phishing lures, code exploits, malware and advanced social engineering to divert funds from these organizations’ internet-connected “hot” wallets to addresses controlled by North Korea, according to the report.
Most of the attacks over the past year were likely carried out by the Lazarus Group, a US-sanctioned hacking group that claims to be controlled by the Reconnaissance General Bureau, North Korea’s main intelligence office.
The group has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyberattacks on Sony Pictures Entertainment.
North Korea also appeared to be stepping up its efforts to launder stolen cryptocurrency, dramatically increasing its use of mixers, or software tools that aggregate and scramble cryptocurrencies from thousands of addresses, Chainalysis said.
The report says researchers identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning the period from 2017 to 2021.
The report says it is unclear why the hackers would still be sitting on those funds, but says they could be hoping to outwit law enforcement interests before cashing in.
“Whatever the reason, the length of time (North Korea) is willing to hold on to these funds is illuminating, as it suggests a prudent, not desperate, hasty plan,” Chainalysis concluded.