UN: North Korean cybercriminals hack crypto platforms
The UN first reported the phenomenon in 2019
The North Korean regime has been seeking to evade financial sanctions and fund its military activities by means of “sophisticated” crypto scams, according to the UN.
The illicit activity was first brought to light in a UN report in 2019, and over the past year Chainalysis researchers have been tracking unlawful activity originating in the Democratic People’s Republic of Korea (DPRK).
According to the researchers, North Korean cybercriminals launched at least seven attacks on cryptocurrency platforms in 2021, extracting almost $400m worth of digital assets.
“These attacks targeted primarily investment firms and centralised exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organisations’ internet-connected “hot” wallets into DPRK-controlled addresses,” explained Chainalysis researchers.
In 2021, global cryptocurrency-based crime hit a new all-time high, with illicit addresses benefitting to the tune of $14bn over the course of the year, up from $7.8bn in 2020.
The looting scheme
Activity by North Korean cybercriminals has tended to follow a clear ‘cover up and cash out’ pattern, say researchers.
They usually steal ether (ETH), converting their gains into bitcoin (BTC) later on. Then the hackers ‘mix’ the loot, parking the stolen coins in brand-new wallets before finally exchanging them for fiat currency, normally the Chinese yuan (CNY).
The cash generated by the money-laundering scheme would eventually be used to finance the regime and its ballistic missile activities, according to UN investigations.
“The mixers are software tools that pool and scramble cryptocurrencies from thousands of addresses, in a calculated attempt to obscure the origins of ill-gotten cryptocurrencies while off-ramping into fiat,” explained the Chainalysis researchers.
North Korean treasure
Interestingly, the researchers also traced millions of dollars’ worth of looted cryptocurrency that was sitting in dormant wallets.
Chainalysis identified $170m in current balances, representing the funds stolen in 49 separate hacks spanning from 2017 to 2021, that are controlled by North Korea but have yet to be laundered as described above.
“Of DPRK’s total holdings, roughly $35m came from attacks in 2020 and 2021. By contrast, more than $55m came from attacks carried out in 2016, meaning that DPRK has massive unlaundered balances as much as six years old,” explained the researchers.
Why the cybercriminals have not cashed out is still unknown, but the regime is thought to be waiting for statutes of limitations to expire, so that it can cash out without problems.
“These behaviours paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale. Systematic and sophisticated, North Korea’s government, be it through the Lazarus Group or its other criminal syndicates, has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021,” said researchers.