Analysts say N. Korea is driving crypto theft surge

Thieves stole a record $3.8 billion worth of cryptocurrency in 2022 as sanctions on North Korea drove a surge in suspected hacking by the Asian nation, analysts say.

Overall crypto losses increased from $3.3 billion stolen in 2021, blockchain analysis firm Chainalysis said in a report published Wednesday. Hacking groups that U.S. officials have linked to the North Korean government stole an estimated $1.7 billion in 2022, up from about $400 million the previous year, according to the firm.

North Korean hackers have increased focus on the cryptocurrency sector as a means to raise revenue in the face of international sanctions, according to U.S. officials. Crypto fraudsters have used a range of tactics, from posing as non-North Koreans in job interviews to deploying ransomware, researchers found. Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, said in July that money stolen via hacking makes up about one-third of the funding for Pyongyang's weapons development programs.

In the United States, the Federal Bureau of Investigation last week blamed two North Korean cybercrime groups for stealing some $100 million during a June heist at the Harmony Bridge crypto service. The Lazarus Group, a specialized hacking unit that the FBI previously said is associated with North Korea's Reconnaissance General Bureau, also stole about $600 million in March from a blockchain network connected to Axie Infinity, a popular video game, U.S. officials said.

Investigators later said they recovered some $30 million stolen during the Axie Infinity theft in an effort that Chainalysis said marked the first seizure of funds stolen by hackers linked to North Korea.

"We expect more such stories in the coming years, largely due to the transparency of the blockchain," Chainalysis wrote in the Wednesday report. "When every transaction is recorded in a public ledger, it means that law enforcement always has a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time."

The report found that suspected North Korean groups relied heavily on so-called mixing services, which allow users to mask transactions, to launder stolen cryptocurrency. The hackers almost exclusively used Tornado Cash to launder digital money until the U.S. Treasury Department sanctioned the service in August.

Of all the cryptocurrency stolen last year, $3.1 billion was taken from decentralized finance, or DeFi, protocols, Chainalysis said. Attackers leveraged hard-to-spot digital vulnerabilities in the DeFi infrastructure supporting crypto projects, with a particular focus on bridge services. Of the $3.1 billion stolen from DeFi services, 64% came from cross-chain bridges, which allow users to convert one cryptocurrency to another, Chainalysis observed.

Upcoming Events