Blockchain analytics platform Chainalysis published an analysis of North Korean hackers and their unlaundered cryptocurrency holdings on Thursday. The firm wrote:
“North Korean cybercriminals had a banner year in 2021, launching at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.”
“These attacks targeted primarily investment firms and centralized exchanges,” the firm explained.
The hackers “made use of phishing lures, code exploits, malware, and advanced social engineering” to siphon funds from companies’ hot wallets into the addresses controlled by the Democratic People’s Republic of Korea (DPRK), Chainalysis added, elaborating:
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out.”
Chainalysis noted: “In 2021, North Korean hacking activity was on the rise once again. From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%.”
The firm also detailed that bitcoin now accounts for less than one-fourth of the cryptocurrencies stolen by North Korea, adding:
“In 2021, only 20% of the stolen funds were bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, ether accounted for a majority of the funds stolen at 58%.”
“More than 65% of DPRK’s stolen funds were laundered through mixers this year, up from 42% in 2020 and 21% in 2019, suggesting that these threat actors have taken a more cautious approach with each passing year,” the firm concluded.