North Korea’s state hackers stole $3 billion in crypto since 2017

December 3, 2023 at 04:11PM

North Korean hackers have stolen around $3 billion in cryptocurrency since 2017, targeting exchanges, individuals, and firms. The theft, often led by groups like Kimsuky and Lazarus, funds North Korea’s military and weapons programs. The U.S. Treasury has imposed sanctions on these hacking groups and related entities.

Key Takeaways:

1. North Korean hackers, backed by the state, have stolen approximately $3 billion from the cryptocurrency industry over the past six years, starting in January 2017.

2. The hacking groups Kimsuky, Lazarus Group, Andariel, and others have been conducting cyberattacks similar to those of cybercriminal gangs. In particular, these groups were responsible for 44% of all stolen cryptocurrency last year, as reported by the Insikt Group of Recorded Future.

3. These groups predominantly target cryptocurrency exchanges but have also attacked individual users and venture capital firms.

4. The cryptocurrency theft contributes significantly to Pyongyang’s income, funding its military and weapons development programs. However, there is no available data quantifying how much of this funding directly supports ballistic missile development. Both the amount of cryptocurrency stolen and the frequency of missile launches have increased in recent years.

5. North Korea escalated its focus on cryptocurrency during the 2017 cryptocurrency bubble, moving from traditional financial institution thefts via the SWIFT network to crypto markets, starting in South Korea and then expanding globally.

6. In 2022, North Korean actors were accused of stealing $1.7 billion in cryptocurrency, an amount that represents a significant part of the country’s economy and military budget.

7. North Korean hackers have significantly increased their cryptocurrency thefts, with a confidential United Nations report highlighting thefts amounting to between $630 million and over $1 billion in 2022 alone.

8. Notable hacks by North Korean Lazarus hackers include those on the Harmony blockchain bridge, the Nomad bridge, the Qubit Finance bridge, and the Ronin Network cross-chain bridge, with theft reaching up to $620 million in the last of these.

9. In the current year, they are suspected of stealing $200 million through multiple attacks on platforms including Atomic Wallet, AlphaPo, and CoinsPaid.

10. Recorded Future researchers have compiled a detailed report on the history of North Korean cryptocurrency targeting.

11. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on the Kimsuky hacking group and previously on other North Korean hacking groups for supporting the country’s weapons of mass destruction (WMD) programs.

12. OFAC has also sanctioned cryptocurrency mixer services like Sinbad, Tornado Cash, and Blender.io, which were used by these hacking groups to launder stolen funds.

13. OFAC announced sanctions in May against four North Korean entities for their involvement in generating revenue through illegal IT worker schemes and cyberattacks, which in turn funds the DPRK’s WMD programs.
