A Blog by Jonathan Low


Jan 14, 2022

How North Korea Stole $400 Million In Cryptocurrencies Last Year

Gold medals for digital creativity. 

And so much for blockchain's ostensible impenetrability. JL 

The South China Morning Post and Eliza Gkritsi in CoinDesk report:

North Korea launched at least seven attacks on cryptocurrency platforms that extracted US$400 million worth of digital assets last year. Targets of the hacks were primarily investment firms and centralised exchanges, including Liquid.com, which (revealed) an unauthorised user gained access to some of the cryptocurrency wallets it managed. The attackers used phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of internet-connected ‘hot’ wallets. The increased variety of tokens led the hackers to step up laundering, swapping one cryptocurrency for another on decentralized exchanges and using privacy tools for obscuring the history of the transactions.

SCMP North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly US$400 million worth of digital assets last year, one of its most successful years on record, blockchain analysis firm Chainalysis said in a new report.

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40 per cent,” said the report, which was released on Thursday.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report added.

A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions. North Korea does not respond to media inquiries, but has previously released statements denying allegations of hacking. Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including Liquid.com, which announced in August that an unauthorised user had gained access to some of the cryptocurrency wallets it managed.

The attackers used phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organisations’ internet-connected ‘hot’ wallets into North Korea-controlled addresses, the report said. Many of last year’s attacks were likely carried out by the Lazarus Group, a hacking group sanctioned by the United States, which says it is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.


The group has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.

North Korea also appeared to step up efforts to launder stolen cryptocurrency, significantly increasing its use of mixers, or software tools that pool and scramble cryptocurrencies from thousands of addresses, Chainalysis said.

The report said researchers had identified US$170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning from 2017 to 2021.

The report said it is unclear why the hackers would still be sitting on these funds, but said they could be hoping to outwit law enforcement interest before cashing out.

“Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded.

CoinDesk North Korean hackers stole almost $400 million worth of digital assets from crypto platforms last year, mostly in the form of ether, according to a Chainalysis report published on Thursday.

  • For the first time, ether accounted for most – 58% – of the stolen funds, according to the report. It was followed by altcoins and ERC-20 tokens, with bitcoin at just 20% of the total, Chainalysis said.
  • The increased variety of tokens has led the hackers to step up their efforts to launder their spoils, the report said. The typical process now involves several steps of swapping one cryptocurrency for another on decentralized exchanges and using decentralized finance (DeFi) mixers, which are privacy tools for obscuring the history of the transactions, to conceal their tracks, according to Chainalysis.
  • Mixers were the most used tool among North Korean hackers for the first time, accounting for over 65% of stolen funds, up from 42% in 2020 and 21% the year before, Chainalysis said. In 2017 and 2019, crypto exchanges were the most popular way of laundering money.
  • About $170 million of stolen funds from 49 exploits dating back to 2017 have yet to be laundered, the report said.
  • The number of North Korea-attributed attacks grew from four to seven, and the funds stolen grew by 40%, the highest since 2018, according to the report. The victims were mostly investment firms and centralized exchanges.
  • Chainalysis said that many of last year's attacks were likely carried out by a group labeled as advanced persistent threat 38 (APT38), also known as Lazarus Group. The group is believed to be led by Pyongyang’s primary intelligence agency, the Reconnaissance General Bureau.
