According to a report by Chainalysis, cybercriminals of the Democratic People’s Republic of Korea (DPRK) established themselves as an advanced and persistent threat to the crypto industry in 2021.
North Korean hackers stole $400 million worth of cryptocurrency last year, bringing the total amount of unlaundered funds to an all-time high (ATH), according to the blockchain data platform, which helps governments and the private sector detect and prevent illegal uses of cryptocurrencies.
North Korean hackers, mainly targeting investment firms and centralized exchanges, carried out at least 7 attacks on crypto platforms and appropriated nearly $400 million in crypto in 2021.
Compared to 2020, the number of attacks increased from 4 to 7 and the damage increased by 40%.
Source: Chainalysis
The cybercriminals used phishing lures, code exploits, malware and social engineering to transfer funds from institutions’ “hot” wallets to addresses controlled by North Korea.
“These sophisticated tactics and techniques have led many security researchers to identify cyber actors working for North Korea as Advanced Persistent Threats (APTs),” the report notes, adding that this is particularly true of APT 38, or “Lazarus Group,” led by the General Department of Operations (North Korea’s main intelligence agency recognized by the United States and the United Nations).
Since 2018, the Lazarus Group has stolen and laundered large amounts of cryptocurrency, often over $200 million each year.
“The most successful personal hacks alone, like one on KuCoin and one on an unnamed exchange, each raised over $250 million.”
The report notes that according to the United Nations Security Council, proceeds from the hacks will be used to support North Korea’s weapons of mass destruction and ballistic missile programs.
In 2021, for the first time, ETH made up the majority of the crypto stolen by North Korea as measured in US dollar value, while Bitcoin accounted for just 20% and ERC-20 tokens and altcoins for 22%.
Percentage of coins stolen by North Korea over time | Source: Chainalysis
According to Chainalysis, more and more cryptocurrencies are being stolen, which has made North Korea’s money laundering increasingly complex. The hackers have broken the process down into multiple steps, and their use of mixers soared in 2021.
These software tools allow hackers to pool and shuffle cryptocurrencies from thousands of addresses and make transaction tracking much more difficult.
Chainalysis explains that the tactics used are based on one of the previous year’s attacks that resulted in $91.35 million worth of crypto being laundered.
In August, Liquid.com reported that an unauthorized user gained access to multiple wallets managed by the exchange. During the attack, 67 different ERC-20 tokens along with large amounts of ETH and Bitcoin were moved from these crypto wallets to addresses controlled by a party representing the DPRK.
In the usual money laundering process, ERC-20 tokens and altcoins are exchanged for ETH on a decentralized exchange (DEX).
In the next step, ETH is mixed and exchanged for Bitcoin on DEXs and CEXs (centralized exchanges).
Money laundering process | Source: Chainalysis
Finally, bitcoins are mixed and consolidated into new wallets, which are then sent to deposit addresses at crypto-to-fiat exchanges in Asia.
Money laundering process | Source: Chainalysis
According to the report, more than 65% of North Korea’s stolen funds were laundered through mixers in 2021, up from 42% in 2020.
Chainalysis describes North Korea’s use of multiple mixers as a “calculated attempt to hide the origins of nefarious cryptocurrencies while also beginning to whitewash them into fiat.”
Meanwhile, hackers are using DeFi platforms like DEXs to “provide liquidity for a variety of ERC-20 tokens and altcoins that cannot be converted into cash.”
Swapping these cryptocurrencies into ETH or Bitcoin not only makes them more liquid, but also opens up a wider range of mixers and exchanges.
According to Chainalysis, DeFi platforms are typically non-custodial and do not require identity verification (KYC). This allows hackers to use their services without having their assets frozen or their identities revealed.
“Chainalysis has identified $170 million in current funds stolen by 49 separate hacks over the period 2017-2021 that were controlled by North Korea but have not yet been laundered by services.”
Among these funds is a large amount of unlaundered money that has been held for as long as 6 years. Specifically, about $35 million came from attacks in 2020 and 2021, while more than $55 million came from attacks in 2016.
Balance held by North Korea by year | Source: Chainalysis
The report concludes:
“It’s not clear why the hackers continue to sit on this pile of funds, but it’s possible they’re waiting for law enforcement interest to wane so they can withdraw their funds without being tracked.” Whatever the reason, the length of time the DPRK has been willing to hold these funds suggests a careful plan, not a reckless and hasty one.