North Korea carried out at least seven attacks on cryptocurrency platforms that extracted nearly $400m worth of digital assets last year, marking one of its most successful years on record, according to a new analysis.
“From 2020 to 2021, the number of North Korean-linked hacks increased from four to seven, and the value extracted from these hacks increased by 40%,” said the report by blockchain expert Chainalysis, released on Thursday.
“Once North Korea obtained custody of the funds, they began a careful laundering process to cover up and cash out.”
A panel of UN experts monitoring sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
North Korea does not respond to media inquiries but has previously issued statements denying the hacking allegations.
Last year, the US charged three North Korean computer programmers working for the nation’s intelligence service with a massive, year-long hacking spree aimed at stealing more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.
Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to certain cryptocurrency wallets that it managed.
The report said the attackers used phishing lures, code exploits, malware and advanced social engineering to transfer funds from the Internet-connected “hot” wallets of these organizations to North Korea-controlled addresses.
Many of last year’s attacks were likely carried out by the Lazarus Group, a hacking group sanctioned by the US, which says the group is controlled by the General Bureau of Reconnaissance, North Korea’s primary intelligence bureau.
The group has been accused of being involved in the WannaCry ransomware attack, the hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.
Chainalysis said North Korea has significantly increased the use of mixers, or software tools that pool and scramble cryptocurrencies from thousands of addresses, to speed up efforts to launder stolen cryptocurrencies.
The report states that researchers had identified $170m of old, unlaundered cryptocurrency holdings from 49 different hacks spanning from 2017 to 2021.
It’s unclear why the hackers would still be sitting on these funds, the report said, but they may be hoping to outlast law enforcement interest before cashing out.
“Whatever the reason, the length of time that [North Korea] is willing to hold on to these funds is illuminating, as it suggests a careful plan, not a desperate and hasty one.”