Report: North Korean hackers stole $1b from 20 crypto platforms in 2023

Chainalysis, a blockchain analysis firm, revealed in its latest report on Wednesday that North Korea-associated hackers had attacked a record number of 20 crypto platforms in 2023, the highest since 2016, stealing approximately $1 billion worth of crypto assets last year.

“North Korea-linked hacks have been on the rise over the past few years, with cyber-espionage groups such as Kimsuky and Lazarus Group utilizing various malicious tactics to acquire large amounts of crypto assets,” said Chainalysis.

The latest case was in September, when the FBI confirmed that North Korea’s Lazarus Group had stolen approximately $41 million of crypto assets from an online casino and betting platform.

Earlier investigations have indicated that hackers linked to North Korea stole hundreds of millions in crypto to finance the regime’s nuclear weapons programs.

The hackers directed their efforts toward decentralized finance (DeFi) platforms, stealing approximately $428.8 million. DeFi is a new financial paradigm utilizing distributed ledger technologies to provide services like lending, investing, or trading crypto assets without dependence on a conventional centralized intermediary.

Their attention was also on centralized services, exchanges, and wallet providers, where they illicitly obtained sums of $150 million, $330.9 million, and $127 million, respectively.

The amount of stolen funds was high in 2023; however, the total is 54.3 percent lower than the amount taken in 2022 ($1.7 billion). The drop can be primarily attributed to a decrease in DeFi hacking incidents. Despite an overall rise in the number of crypto hacks in 2023, the figure for DeFi exploits dropped by 17.2 percent.

While the surge in stolen crypto in recent years was largely driven by hacks targeting DeFi protocols, totaling over $3.1 billion in 2021 and 2022, the trend shifted in 2023. Hackers managed to steal only $1.1 billion from DeFi platforms, marking a 63.7 percent drop in the total value stolen year-over-year.

Chainalysis, in collaboration with its partner Halborn, a Web3 and blockchain security firm, explained that the decline in DeFi hacks could be attributed to on-chain and off-chain attack vectors.

Mar Gimenez-Aguilar, lead security architect and researcher at Halborn, acknowledged that the “reduction in DeFi hacking losses could be influenced, at least in part, by the overall decline in DeFi activity in 2023, resulting in fewer DeFi protocols presenting attractive opportunities for hackers.”

North Korean hackers use “age-old” tactics

Erin Plante, the vice president of investigations at Chainalysis, anticipates that the hacks from North Korea will become more sophisticated and diverse.

Plante noted that North Korea-linked hacks in 2023 were dominated more by phishing and social engineering. She characterized these attack vectors as “age-old” hacking tactics that can be prevented through education and raising awareness among employees.

“Organizations should ensure that every employee is vigilant and up to speed with the technical aspect of cyber defenses,” she said.

She also mentioned a recurring pattern in attacks linked to North Korea. The executive emphasized that the hackers typically spend more time in the networks, highlighting the importance of increased network monitoring and security measures.

Regarding security, Plante suggests that DeFi protocols susceptible to on-chain vulnerabilities should implement monitoring systems for on-chain activities. Conversely, platforms at risk from off-chain threats should decrease dependence on centralized products and services.

According to the Chainalysis executive, the North Korean hackers will persist in seeking opportunities to steal substantial funds.

“Their ability to rapidly evolve, as doors are closed to them, continues to make them an advanced foe,” said Plante.
