North Korean state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017.
Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups have been behind attacks similar to typical cybercriminal gangs, albeit on a much larger scale, given that their operations were behind 44% of all stolen cryptocurrency last year, according to a report by Recorded Future’s Insikt Group.
While cryptocurrency exchanges are at the top of their list of targets, they have also been linked to attacks on individual users and venture capital firms.
Cryptocurrency theft is one of Pyongyang’s most significant revenue streams, with proceeds earmarked for military and weapon development programs (although there is no data on how much funding is set aside for ballistic missile launches, both the volume of stolen cryptocurrency and missile launches have increased in recent years).
Read More
“Since 2017, North Korea has significantly increased its focus on the cryptocurrency industry, stealing an estimated $3 billion worth of cryptocurrency,” Recorded Future analysts said.
“Initially successful in stealing from financial institutions through the hijacking of the SWIFT network, North Korea shifted its attention to cryptocurrency during the 2017 bubble, starting with the South Korean market and later expanding globally.
“In 2022 alone, North Korean threat actors were accused of stealing $1.7 billion in cryptocurrency, equivalent to 5% of the country’s economy or 45% of its military budget.”
North Korean state hackers have been behind unprecedented levels of cryptocurrency theft, stealing between $630 million and more than $1 billion in 2022 alone, effectively doubling Pyongyang’s illicit profits from cyber theft compared to the previous year, according to a confidential United Nations report.
Their cryptocurrency attacks started surging after the hack of South Korean exchanges Bithumb, Youbit, and Yapizon in 2017 when they stole crypto assets worth roughly $82.7 million.
In the last two years, North Korean Lazarus hackers have been linked to crypto heists against the Harmony blockchain bridge ($100 million in losses), the Nomad bridge ($190 million in losses), the Qubit Finance bridge ($80 million in losses), and the largest crypto hack ever after breaching the Ronin Network cross-chain bridge and stealing $620 million.
They are also accused of stealing $200 million in multiple attacks this year, including from Atomic Wallet ($35 million), AlphaPo ($60 million in two separate attacks), and CoinsPaid ($37 million).