
North Korean hackers stole $600 million worth of cryptocurrency


North Korean hackers stole at least $600 million worth of cryptocurrencies in 2023, which represents about a third of the total value of digital wallet heists, according to blockchain intelligence firm TRM. Despite the exorbitant sum, the number represents a 30% reduction in the value of cryptocurrencies stolen by hackers linked to North Korea compared to 2022, when the figure was $850 million.

TRM researchers noted that if additional cryptocurrency thefts committed in the final days of 2023 are attributed to North Korea, that could cause the total amount stolen last year to rise to as much as $700 million. This includes an attack on Orbit Chain on December 31, 2023, which led to the diversion of over $80 million worth of cryptocurrencies. In total, TRM believes that $2.7 billion worth of cryptocurrencies have been stolen by hackers linked to the North Korean government since 2017.

The North Korean government uses the theft of cryptocurrencies as a means of generating revenue in the face of international sanctions against Kim Jong-un’s regime, according to experts.

TRM’s analysis also found that cryptocurrency hacks perpetrated by North Korea are, on average, ten times more damaging than those not linked to Pyongyang. Researchers said North Korean hackers are using innovative tactics to evade international law enforcement. For example, following US sanctions and enforcement activities against cryptocurrency mixers Tornado Cash and ChipMixer, groups like Lazarus have turned to other methods to launder stolen cryptocurrencies.

The main method used by attackers linked to the North Korean government to steal cryptocurrencies is to compromise the private keys and “seed phrases” used to protect digital wallets. A seed phrase is a mechanism that allows access to digital wallets and the cryptocurrencies that are stored there.

After compromise, the hackers transfer victims’ digital assets to a wallet address they control, exchange the currency for USDT or Tron, and then convert it into hard currency using high-volume OTC brokers. USDT (or Tether Dollar) is a fiat-backed stablecoin, which means that each USDT in circulation is backed by one US dollar held in reserve by the issuing company. TRON (or TRX) allows a person to use it to receive resources.

TRM says there have been “notable advances” in combating cryptocurrency theft, including improved security on exchanges and greater international collaboration in tracking and recovering stolen funds. However, the company predicts that North Korean hackers will continue to be effective in attacking digital wallets throughout this year.

“With nearly $1.5 billion stolen in the last two years alone, North Korea’s hacking capabilities require continued vigilance and innovation on the part of companies and governments,” says the company.


Sources: CisoAdvisor, TRMLabs
