Seoul: North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $US400 million ($458 million) worth of digital assets last year, one of its most successful years on record, blockchain analysis firm Chainalysis said in a new report.
“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40 per cent,” said the report, which was released on Friday AEST.
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report added. A United Nations panel of experts that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
North Korea does not respond to media inquiries, but has previously released statements denying allegations of hacking.
Last year the United States charged three North Korean computer programmers working for the country’s intelligence service with a massive, years-long hacking spree aimed at stealing more than $US1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.
Chainalysis did not identify all the targets of the hacks, but said they were primarily investment firms and centralised exchanges, including Liquid.com, which announced in August that an unauthorised user had gained access to some of the cryptocurrency wallets it managed.
The attackers used phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organisations’ internet-connected ‘hot’ wallets into North Korea-controlled addresses, the report said.
Many of last year’s attacks were likely carried out by the Lazarus Group, a hacking group sanctioned by the United States, which says it is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau. The group has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment. North Korea also appeared to step up efforts to launder stolen cryptocurrency, significantly increasing its use of mixers, or software tools that pool and scramble cryptocurrencies from thousands of addresses, Chainalysis said. The report said researchers had identified $US170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks spanning from 2017 to 2021. The report said it is unclear why the hackers would still be sitting on these funds, but said they could be hoping to outwit law enforcement interest before cashing out.
“Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded. North Korea on Friday berated the Biden administration for imposing fresh sanctions against the country over its latest missile tests and warned of stronger and more explicit action if Washington maintains its “confrontational stance.” In a statement carried by North Korea’s official Korean Central News Agency, an unidentified Foreign Ministry spokesperson defended the North’s recent launches of purported hypersonic missiles as a righteous exercise of self-defence. The spokesperson said the new sanctions underscore hostile US intent aimed at “isolating and stifling” the North despite Washington’s repeated calls for Pyongyang to resume diplomacy that has stalled over disagreements about sanctions relief and nuclear disarmament steps. The Biden administration on Wednesday imposed sanctions on five North Koreans over their roles in obtaining equipment and technology for the North’s missile programs in its response to the North’s latest missile test this week and also said it would seek new UN sanctions.
The announcement by the Treasury Department came just hours after North Korea said leader Kim Jong-un oversaw a successful test of a hypersonic missile on Tuesday that he claimed would greatly increase the country’s nuclear “war deterrent.”