North Korean attackers crypto theft fall 30% to $600M in 2023
North Korea-affiliated attackers stole around $600 million worth of cryptocurrencies last year, according to blockchain analytical firm TRM Labs. The amount could rise to as much as $700 million if the Dec. 31 hack of Orbit Chain is linked to the country.
This represents a 30% decline from the $850 million stolen in 2022 by hackers linked to the Asian country, bringing the total amount they stole to $3 billion in six years.
“Hacks perpetrated by the DPRK were on average ten times as damaging as those not linked to North Korea,” TRM Labs wrote.
North Korea, already grappling with severe economic sanctions from Western powers, increasingly relies on ill-gotten crypto assets and proceeds from illicit ventures to finance its weapons program.
The U.S. has traced back several crypto breaches to North Korea-affiliated hacker-controlled wallets, such as the Ronin bridge exploit, which saw the theft of over $600 million in assets.
Other notable security breaches the North Korean-backed hacker groups were involved in last year include a $60 million attack on the cryptocurrency payment service Alphapo in July, a $37 million theft from CoinsPaid in June, and the theft of more than $100 million from Atomic Wallet.
How North Korean attackers operate
Usually, their modus operandi involves compromising the private keys and seed phrases linked to digital wallets before leveraging crypto mixers to convert assets into USDT or Tron.
Additionally, the attackers are increasingly targeting the cryptocurrency community through widespread phishing operations on the popular messaging application Telegram.
However, these hackers have diversified their laundering strategies in response to sanctions imposed by Western authorities.
As a result, North Korean cyber attackers have reduced their usage of popular mixing platforms like Tornado Cash and ChipMixer. CryptoSlate reported that Tornado Cash’s overall volume fell by around 85% post-sanctions.
Meanwhile, despite significant advancements in security measures, TRM Labs warned that these highly adept cybercriminals might still cause significant disruptions this year.