North Korean hackers continue to pose a significant threat to the cryptocurrency ecosystem, having pilfered an estimated $2 billion in cryptocurrency over the past five years. Blockchain intelligence firm TRM Labs has conducted an in-depth study into cryptocurrency-related hacking, focusing on the exploits of North Korean cybercriminals. According to TRM Labs, in 2023 alone, North Korea seized approximately $200 million in cryptocurrency, accounting for a notable 20% of all stolen funds this year.
It's reported that the scale of North Korean cyberattacks is approximately 10 times larger than those conducted by other malicious actors. These hackers have not spared the decentralized finance (DeFi) sector either, targeting cross-chain bridges that facilitate significant volumes of cryptocurrency transfers. For instance, a cross-chain breach involving the Axie Infinity Ronin Bridge resulted in the theft of $650 million in cryptocurrency. In 2022, North Korean hackers stole a total of around $800 million in three separate attacks.
The methods employed in these cyberattacks vary, encompassing tactics such as phishing and supply chain attacks that exploit compromised private keys and seed phrases. One noteworthy observation made by TRM Labs is that North Korean hackers have become increasingly sophisticated in their on-chain money laundering techniques. Previously, they would use cryptocurrency exchanges to convert stolen funds, but this approach has now evolved into a more intricate "multi-stage money laundering process."
This evolution of tactics appears to be in response to tightening OFAC sanctions, more effective law enforcement actions, and advancements in blockchain tracking tools. One illustrative example is the 2023 Atomic Wallet hack, in which hackers targeted non-custodial wallet provider Atomic Wallet, making off with $100 million in cryptocurrency from 4,100 addresses. TRM Labs speculates that this vulnerability could have stemmed from a phishing or supply chain attack. The hackers proceeded to empty user wallets on various blockchains, including Ethereum, Tron, Bitcoin, XRP, Dogecoin, Stellar, and Litecoin, subsequently funneling the stolen funds to new wallets. To launder the stolen cryptocurrency, they then swapped ERC-20 and TRC-20 tokens for Ether and TRX, used decentralized exchanges, automated programs, and mixers, and executed cross-chain swaps.