In a recent revelation by TRM Labs, North Korean hackers have been implicated in significant cryptocurrency thefts in 2023, accumulating at least $600 million. The total stolen amount could potentially reach $700 million if additional hacks at the end of the year are confirmed to be the work of North Korea. Despite a 30% decrease in theft compared to the previous year, the Democratic People’s Republic of Korea (DPRK) was responsible for nearly one-third of all funds stolen in crypto attacks in 2023.
The report also delves into the methods and impact of North Korean cyberattacks on the cryptocurrency ecosystem. Hacks attributed to the DPRK were found to be ten times as damaging as those not linked to North Korea. Since 2017, over $3 billion worth of cryptocurrency has been lost to Pyongyang-linked threat actors. The hackers primarily exploit vulnerabilities in digital wallet security, compromising private keys and seed phrases, which are crucial for safeguarding digital assets.
The stolen funds are then transferred to wallet addresses under the control of North Korean operatives, often converted into Tehter’s USDT or Tron, and ultimately converted into hard currency through high-volume over-the-counter brokers. North Korea constantly evolves its money laundering methods to evade international law enforcement pressure. As previous platforms used for obfuscation, such as Tornado Cash and ChipMixer, became targets of US sanctions and enforcement actions, North Korea shifted to another mixer called Sinbad. However, after Sinbad was also sanctioned by the Office of Foreign Assets Control (OFAC) in November 2023, North Korea continued exploring alternative laundering tools.
With approximately $1.5 billion stolen in the past two years alone, North Korea’s hacking capabilities demand continuous vigilance and innovation from businesses and governments. Despite advancements in cybersecurity measures by cryptocurrency exchanges and increased international collaboration to track and recover stolen funds, it is expected that 2024 will witness further disruption from this highly prolific cyber-thief, according to TRM Labs. As a result, sanctions have been imposed on eight foreign-based agents of North Korea (DPRK) and the cyber espionage group Kimsuky.
These actions were taken by the US Treasury’s Office of Foreign Assets Control (OFAC), along with counterparts in Australia, Japan, and the Republic of Korea, in response to the DPRK’s military reconnaissance satellite launch on November 1, 2023. The report highlights the activities of Kimsuky, a cyber espionage group operating since 2012 and associated with the Reconnaissance General Bureau (RGB), which the United Nations and the United States designate. Kimsuky focuses its intelligence collection efforts on foreign policy, national security issues related to the Korean peninsula, nuclear policy, and sanctions.
The group primarily employs spear-phishing techniques to target individuals employed by government organizations, research centers, think tanks, academic institutions, and news media organizations across Europe, Japan, Russia, South Korea, and the United States. Despite global efforts to enhance cybersecurity measures and counter these attacks, North Korea’s persistent and evolving tactics continue to pose challenges. The response of governments to mitigate these cyber crimes and reduce losses in the crypto industry remains uncertain. Observing what additional actions will be taken in this regard is crucial.
This News Article was automatically generated by Bob the Bot (AI)
| Information | Details |
|---|---|
| Geography | Asia |
| Countries | 🇺🇸 🇦🇺 🇯🇵 |
| Sentiment | negative |
| Relevance Score | 1 |
| People | None |
| Companies | ChipMixer, Kimsuky, Tornado Cash, US Treasury’s Office of Foreign Assets Control, Reconnaissance General Bureau, United Nations, TRM Labs, Office of Foreign Assets Control, Democratic People’s Republic of Korea |
| Currencies | TRON, Tether, US Dollar |
| Securities | None |
