Crypto Thefts Hit Record $3.8 Billion Last Year on North Korean Hacks

Sanctions on North Korea drove pickup in stolen crypto, according to Chainalysis report

(Bloomberg) — Thieves stole a record $3.8 billion worth of cryptocurrency in 2022 as sanctions on North Korea drove a surge in suspected hacking by the Asian nation.

Overall crypto losses increased from $3.3 billion stolen in 2021, blockchain analysis firm Chainalysis Inc. said in a report published Wednesday. Hacking groups that US officials have linked to the North Korean government stole an estimated $1.7 billion in 2022 and up from roughly $400 million last year, according to the firm. 

North Korean hackers have increased their focus on the cryptocurrency sector as a means to raise revenue in the face of international sanctions, according to US officials. Fraudsters have used a range of tactics, from posing as non-North Koreans in job interviews to deploying ransomware, in order to generate revenue, researchers have found. Anne Neuberger, US deputy national security advisor for cyber and emerging technology, said in July that money stolen via hacking makes up roughly one-third of the funding for Pyongyang’s weapons development programs. 

The US Federal Bureau of Investigation last week blamed two North Korean cybercrime groups for stealing $100 million in a heist in June last year at the Harmony Bridge crypto service. The Lazarus Group, a specialized hacking unit that the FBI previously said is associated with North Korea’s Reconnaissance General Bureau, also stole roughly $600 million in March from a blockchain network connected to Axie Infinity, a popular video game, US officials said.

Investigators later said they had recovered some $30 million that was stolen in the Axie Infinity theft, in what Chainalysis said was the first-ever seizure of funds stolen by hackers with links to North Korea.

“While North Korea-linked hackers are undoubtedly sophisticated and represent a significant threat to the cryptocurrency ecosystem, law enforcement and national security agencies’ ability to fight back is growing,” Chainalysis wrote. Following the Axie Infinity recovery, “we expect more such stories in the coming years, largely due to the transparency of the blockchain. When every transaction is recorded in a public ledger, it means that law enforcement always has a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time.”

The report found that suspected North Korean groups relied heavily on mixing services, which allow uses to mask their transactions, to launder stolen cryptocurrency. The hackers almost exclusively used Tornado Cash to launder digital money until the US Treasury Department sanctioned the service in August. 

Of all the cryptocurrency stolen last year, $3.1 billion was taken from decentralized finance, or DeFi, protocols, Chainalysis said. Attackers leveraged hard-to-spot digital vulnerabilities in the DeFi infrastructure that undergirds crypto projects, with a particular focus on bridge services. Of the $3.1 billion stolen from DeFi services, 64% came from cross-chain bridges, which allow users to convert one cryptocurrency to another, Chainalysis observed. 

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.

Close Bitnami banner
Bitnami