In 2023, hacking groups associated with the Democratic People’s Republic of Korea (DPRK) escalated their activities and broadened their targets, but the number of stolen cryptocurrencies decreased, according to a recent report from blockchain analytics firm Chainalysis. In 2022, there were 15 hacking incidents related to North Korea, resulting in $1.7 billion in cryptocurrency losses. Chainalysis estimates that in 2023, hacking groups stole approximately $1 billion worth of cryptocurrencies through 20 hacks. This suggests that despite the increased number of vulnerabilities exploited, the overall value of illicit gains by hackers did not surpass the previous year's total.
Erin Plante, Vice President of Investigations at Chainalysis, anticipates that North Korea-linked hacking will become more sophisticated and diverse. Plante notes that these hacking groups have shifted their focus to centralized services and wallets as the gains from decentralized finance (DeFi) protocols have diminished due to improved security measures. Plante emphasizes that phishing and social engineering are now preferred tactics by North Korean hackers, describing these methods as "ancient" hacking techniques that can be mitigated through employee education and awareness of cybersecurity best practices.
Plante observes a distinct pattern in North Korean-related attacks, where the hackers spend more time online. This underscores the importance of enhanced network monitoring and security measures. Plante suggests that DeFi protocols susceptible to on-chain failures should implement systems for monitoring on-chain activity. Additionally, platforms vulnerable to off-chain risks should reduce reliance on centralized products and services to enhance their security posture.
Overall, Plante expects North Korean hackers to persist in seeking opportunities to pilfer substantial amounts of money, emphasizing their ability to adapt rapidly and remain an advanced threat despite increasing obstacles.
