North Korea Hacks Crypto: More Targets, Lower Gains

Written by

North Korea-backed threat actors hacked more crypto platforms than ever in 2023 but stole less of the digital currency in total than in 2022.

Crypto research firm Chainalysis has found that North Korean adversaries stole slightly over $1.0bn in 2023, compared with around $1.7bn in 2022.

Source: Chainalysis
Source: Chainalysis

The 2022 spike, which set a record of stolen cryptocurrencies from North Korean-aligned threat actors, was primarily due to a prolific heist on decentralized finance (DeFi) products. That year, North Korean hackers stole approximately $1.19bn in DeFi assets, representing 70% of all crypto gains.

Global Drop in DeFi Hacking

In 2023, the global DeFi boon has waned and North Korean hackers gained significantly less from targeting DeFi protocols.

Chainalysis researchers explained that the reason for this new trend is likely twofold. First, DeFi protocol developers and maintainers have improved their operation security (OpSec).

“When examining this trend last year, security experts told us that they believe many DeFi vulnerabilities stemmed from protocol operators focusing primarily on growth, and not enough on implementing and maintaining robust security systems,” reads the Chainalysis report.

The second reason is the value drop in DeFi assets in 2023, which impacted the gains from DeFi hacking globally.

The global value lost in DeFi hacks declined by 63.7% year-over-year in 2023, and the median loss per DeFi hack dropped by 7.4%. And, while the number of individual crypto hacks rose in 2023, the number of DeFi hacks declined by 17.2%. 

This trend is mirrored when examining DeFi hacks coming from North Korean groups, who stole $428.8m from DeFi platforms in 2023, from $1.19bn in 2022.

Read more: Illicit Cryptocurrency Flows Drop 39% in 2023

North Korean Hackers Diversified Their Crypto Targets

To compensate for this loss of income, North Korean hackers diversified their attacks in 2023, adding centralized crypto platforms and crypto wallets (e.g. Atomic Wallet, Alphapo and Coinspaid) to their victim portfolio.

Source: Chainalysis
Source: Chainalysis

According to Chainalysis, this new targeting is an example of hackers deploying more sophisticated attacks against crypto assets.

However, the firm added that crypto platforms are also becoming more sophisticated in their security and responses to attacks, which allows law enforcement agencies to act more quickly.

“Over time, as these processes improve, it is likely that funds stolen from crypto hacks will continue to decline,” Chainalysis predicted.

Read more from the Chainalysis 2024 Crypto Crime Report: Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024

What’s hot on Infosecurity Magazine?