UN: North Korean cybercriminals hack crypto platforms

By Raffaele Redi

The UN first reported the phenomenon in 2019

Close-up of North Korea on a map                                 
Criminal activity followed a clear ‘cover up and cash out’ pattern, says UN – Photo: Shutterstock
                                

The North Korean regime has been seeking to evade financial sanctions and fund its military activities by means of “sophisticated” crypto scams, according to the UN.

The illicit activity was first brought to light in a UN report in 2019, while over the past year Chainanalysis researchers have been tracking unlawful activity originating in the Democratic People’s Republic of Korea (DPRK) .

According to the researchers, North Korean cybercriminals launched at least seven attacks on cryptocurrency platforms in 2021, extracting almost $400m worth of digital assets.

“These attacks targeted primarily investment firms and centralised exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organisations’ internet-connected “hot” wallets into DPRK-controlled addresses,” explained Chainalysis researchers.

In 2021, overall cryptocurrency-based crime global activity hit a new all-time high, with illicit addresses benefitting to the tune of $14bn over the course of the year, up from $7.8bn in 2020.

The looting scheme

Activity by North Korean cybercriminals has tended to follow a clear ‘cover up and cash out’ pattern, say researchers.

They usually steal ether (ETH), converting their gains into bitcoin (BTC) later on. Then, the hackers ‘mix’ the loot, saving stolen coins in brand new wallets before finally exchanging them for fiat currency, normally the Chinese yuan (CHY).

The cash generated by the money-laundering scheme would eventually be used to finance the regime and its ballistic missile activities, according to UN investigations.

“The mixers are software tools that pool and scramble cryptocurrencies from thousands of addresses, in a calculated attempt to obscure the origins of ill-gotten cryptocurrencies while off-ramping into fiat,” explained the Chainalysis researchers.

North Korean treasure

Interestingly, the researchers also traced millions of dollars’ worth of looted cryptocurrency that was sitting in dormant wallets.

Chainalysis identified $170m in current balances, representing the funds stolen in 49 separate hacks spanning from 2017 to 2021, that is controlled by North Korea but yet to be laundered as described above.

“Of DPRK’s total holdings, roughly $35m came from attacks in 2020 and 2021. By contrast, more than $55m came from attacks carried out in 2016, meaning that DPRK has massive unlaundered balances as much as six years old,” explained the researchers.

The reason why the cybercriminals didn’t cash out is still unknown, but it is thought that the regime was probably waiting for statute limitations to expire, so as to cash out without problems.

“These behaviours paint a portrait of a nation that supports cryptocurrency-enabled crime on a massive scale. Systematic and sophisticated, North Korea’s government, be it through the Lazarus Group or its other criminal syndicates, has cemented itself as an advanced persistent threat to the cryptocurrency industry in 2021,” said researchers.

Further reading:

The material provided on this website is for information purposes only and should not be regarded as investment research or investment advice. Any opinion that may be provided on this page is a subjective point of view of the author and does not constitute a recommendation by Currency Com Bel LLC or its partners. We do not make any endorsements or warranty on the accuracy or completeness of the information that is provided on this page. By relying on the information on this page, you acknowledge that you are acting knowingly and independently and that you accept all the risks involved.
iPhone Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image
Trade the world’s top tokenised stocks, indices, commodities and currencies with the help of crypto or fiat
iMac Image