North Korean Hackers Stole $600m in Crypto in 2023

Written by

North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM.

Despite the eye-watering sum, this figure represents a 30% reduction on cryptocurrency stolen by Democratic People’s Republic of Korea (DPRK)-linked hackers compared to 2022, at $850m.

The researchers noted that if additional crypto heists committed in the final days of 2023 are attributed to DPRK, the total amount stolen last year could rise to as much as $700m. This includes an attack on Orbit Chain on December 31, 2023, which led to more than $80m worth of crypto being taken.

Amount of cryptocurrency stolen by North Korean hackers since 2017. Source: TRM.
Amount of cryptocurrency stolen by North Korean hackers since 2017. Source: TRM.

In total, TRM researchers believe $2.7bn worth of crypto has been stolen by DPRK-based attackers since 2017.

The North Korean government uses crypto thefts as a means of generating revenue in the face of international sanctions targeting the regime, experts believe.

TRM’s analysis also found that crypto hacks perpetrated by North Korea are on average 10-times more damaging as those not linked to Pyongyang.

How is North Korea Perpetrating Attacks?

The researchers said that North Korean hackers are using innovative tactics to evade international law enforcement action. For example, following US sanctions and enforcement activities against crypto mixers Tornado Cash and ChipMixer, groups like Lazarus pivoted to other methods to launder stolen crypto funds.

The primary method used by DPRK-linked attackers to launch crypto heists are compromising the private keys and seed phrases used to protect digital wallets.

Following compromise, the hackers transfer the victims’ digital assets to a wallet address controlled by North Korean operatives before swapping the currency for USDT or Tron and then converting it to hard currency using high-volume OTC brokers.

TRM acknowledged that there has been “notable advancements” in tackling crypto thefts, including improved security in exchanges and increased international collaboration in tracking and recovering stolen funds.

However, the firm predicts North Korean hackers to continue to be effective in space during 2024.

“With nearly $1.5bn stolen in the past two years alone, North Korea’s hacking prowess demands continuous vigilance and innovation from business and governments,” stated the researchers.

What’s hot on Infosecurity Magazine?