2023 marked a record high in the number of crypto platform hacks linked to North Korea, but the total value of looted funds decreased significantly. According to Chainalysis, a firm specializing in blockchain analysis, the number of such attacks rose notably, to a total of 20 over the past year.
These incidents have been linked to operatives from the Democratic People’s Republic of Korea (DPRK), who have managed to extract just over $1 billion in crypto through these exploits. This figure represents a 40% drop from the $1.7 billion stolen in 2022, suggesting a shift in the landscape of digital asset theft.
North Korean Hackers Shift Tactics Amid Declining Crypto Thefts
Cryptocurrency has long been a target for North Korean hackers, often used to circumvent “international sanctions,” according to US officials. The decline in stolen funds mirrors a “broader trend in the crypto security environment,” particularly concerning decentralized finance (DeFi) protocols.
In 2023, DeFi protocols experienced a 64% reduction in theft, totaling $1.1 billion, down from $3.1 billion the previous year. According to Chainalysis, this decline in theft aligns with “heightened security measures” and “reduced overall activity in DeFi spaces.”
Erin Plante, Vice President of Investigations at Chainalysis, commented on these hackers’ evolving tactics, noting that while their success rate in major heists might have slowed, “the threat’s not going away by any means.”
Bloomberg further reported that as crypto platforms enhance their security measures, North Korean hackers are adapting with more diverse and sophisticated strategies.
Joe Dobson, principal analyst at cybersecurity firm Mandiant, observed that these criminals continuously study the evolving landscape to exploit new advancements maliciously. Dobson noted:
They look at what’s changing, what’s evolving, and how they can use that malicious intent. Whatever the advancement is, they’re going to find a way to take advantage of it.
Besides improved security practices and decreased DeFi activity, “investor behavior” could also influence the decrease in stolen amounts.
Allan Liska, a senior intelligence analyst at Recorded Future Inc., suggests that the fallout from high-profile events like the FTX collapse may have led investors to spread their assets across various platforms, reducing the “pool of funds” available for theft.
Evading Sanctions: North Korea’s Persistent Cyber Threat To Crypto
Meanwhile, a report from TRM Labs highlighted the impact of DPRK-linked hacks, which have been “ten times” more damaging than those unlinked to North Korea. Since 2017, over $3 billion in cryptocurrency has been lost to Pyongyang’s operatives.
The report details how hackers primarily target digital wallet vulnerabilities, transferring stolen funds to controlled addresses and converting them into hard currency through high-volume brokers.
North Korea’s adaptability in money laundering methods under international scrutiny is noteworthy. Following sanctions and enforcement actions against platforms like Tornado Cash and ChipMixer, DPRK-linked operatives shifted to the mixer Sinbad.
However, with Sinbad also facing sanctions from the Office of Foreign Assets Control (OFAC) in November 2023, North Korea continues to explore alternative laundering tools, underlining the persistent and evolving nature of this threat to the crypto ecosystem.