North Korean hackers reportedly stole nearly $400 million worth of cryptocurrency in 2021, making it one of the most lucrative years for cybercriminals in the impoverished and severely isolated country.
According to a new report by Chainalysis, a firm that tracks cryptocurrency, hackers launched at least seven different attacks in 2021, targeting investment firms and centralized exchanges with a variety of tactics, including phishing, malware and social engineering.
The cybercriminals worked to gain access to organizations’ “hot” wallets — digital wallets that are connected to the internet — and then move funds into North Korea controlled accounts.
The report is the latest indication that North Korea which is heavily sanctioned by the US and UN continues to rely on a network of hackers to help fund its domestic nuclear program.
A confidential United Nations report last year accused the regime of North Korea’s leader, Kim Jong Un, of conducting “operations against financial institutions and virtual currency exchange houses” to pay for weapons and keep North Korea’s economy afloat.
Last February, the US Justice Department charged three North Koreans for conspiring to steal more than $1.3 billion from banks and companies around the world and orchestrating digital heists of cryptocurrency.
According to Chainalysis, most of last year’s thefts were carried out by the Lazarus Group, a hacking group with links to North Korea that has previously been linked to the hack on Sony Pictures.
“North Korea is, in most respects, cut off from the global financial system by a long sanctions campaign by the US and foreign partners.” said Nick Carlsen, analyst at blockchain intelligence firm TRM Labs.
“As a result they have taken to the digital battlefield to steal crypto in, essentially, [a] bank robbery at the speed of the internet, to fund weapons programs, nuclear proliferation and other destabilizing activities.”
“As the cryptocurrency market grows more popular we are likely to see continued interest by North Korea to target crypto businesses that are young and building out cyber defenses and anti-money laundering controls,” said Carlsen.