January 26, 2024
SEOUL – North Korea-linked hackers carried out the largest number of cryptocurrency thefts in 2023, despite a decrease in the overall amount stolen, a US blockchain analysis firm reported Wednesday.
The number of hacks surged to 20 in 2023, marking the “highest number on record” since 2016, according to an online report released by Chainalysis, headquartered in New York.
The trend of cryptocurrency theft has steadily increased since 2020, with North Korea-associated hackers conducting five, nine and 15 crypto thefts in 2020, 2021 and 2022, respectively.
“North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets,” the report read.
Cryptocurrency theft is the major channel for the Kim Jong-un regime to fill up its coffers with foreign currencies, which have been drained due to UN Security Council resolutions.
But North Korea-associated hackers were estimated to have stolen slightly over $1 billion worth of cryptocurrency in 2023 — a marked downturn from the peak of approximately $1.7 billion in 2022.
North Korea-linked hackers stole around $271 million, $300 million and $429 million in cryptocurrency in 2019, 2020 and 2021, respectively.
In 2023, at the behest of the Kim Jong-un regime hackers stole approximately $428.8 million from decentralized finance, or DeFi, platforms and also pilfered around $150 million from centralized services. Approximately $330.9 million and $127 million were taken by hackers working for North Korea from cryptocurrency exchanges and wallet providers, respectively.
The FBI said last year that Traitor-affiliated actors, also known as Lazarus Group and APT38, were responsible for “several high-profile international cryptocurrency heists.”
The cases include a $60 million theft of virtual currency from Alphapo, a $37 million theft of virtual currency from CoinsPaid and a $100 million theft of virtual currency from Atomic Wallet — all of which took place in June and July last year. In September, the North Korea-sponsored Lazarus Group conducted a cryptocurrency theft of approximately $41 million from Stake.com, an online casino and betting platform.
But Chainalysis pointed out that “2023 saw a notable decrease in North Korean targeting of DeFi protocols, mirroring the overall drop in DeFi hacking.”
DeFi is a new financial paradigm that leverages distributed ledger technologies to offer services such as lending, investing or exchanging crypto assets without relying on a traditional centralized intermediary.
The report explained that the decline in DeFi hacks could be attributed to two main factors.
Mar Gimenez-Aguilar, lead security architect and researcher at Chainalysis partner Halborn, a security company, recognized that the “drop in DeFi hacking losses may be driven in part by the overall drop in DeFi activity in 2023, which may have simply decreased the number of DeFi protocols that made ripe targets for hackers.”
Gimenez-Aguilar also pointed out that the “increase of security measures in DeFi protocols is a key factor in the reduction in the number of hacks related to smart contracts vulnerabilities.”
South Korea also has intensified its efforts to prevent crypto theft, a key source of illicit revenue for the Kim Jong-un regime, in collaboration with the United States, Japan and other like-minded partners.
Seoul and Washington committed to strengthening all-around cooperation to block North Korea’s malicious cyber activities, including cryptocurrency theft, as a means to fund illegal nuclear and missile programs during the seventh Cyber Policy Consultations held in Seoul in mid-January.
South Korea, the US and Japan also launched a Trilateral Diplomatic Working Group in December last year to enhance trilateral and global collaboration to disrupt North Korea’s ability to generate revenue through illicit cyber activities, including crypto theft.