North Korean hackers stole $400 million in cryptocurrency last year — and they're in no rush to cash out

North Korea-linked hackers stole nearly $400 million in cryptocurrency last year. Kim Won Jin/AFP/Getty Images
  • After dipping in 2019, the number of North Korean-linked hacks grew in 2020 and 2021.
  • Ether accounted for about 60% of the nearly $400 million of funds stolen in 2021.

North Korea stole nearly $400 million worth of cryptocurrency in 2021, making it a "banner year" for the country's cybercriminals, according to blockchain analysis firm Chainalysis.

The attacks were targeted at investment firms and centralized exchanges, Chainalysis said in a report released on Thursday.

Ethereum's native token ether accounted for about 60% of the funds stolen last year, while bitcoin made up just 20% of the pilfered cryptocurrencies.

"Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out," said the report.

After dipping in 2019, the number of North Korean-linked hacks grew in 2020 and 2021, with the value extracted from these hacks growing by 40%, Chainalysis noted.

Many of these attacks were likely carried out by the Lazarus Group, which is linked to the WannaCry ransomware attack in 2017 and another major attack on Sony Pictures in 2014.

But the group has since concentrated its efforts on cryptocurrency crime, stealing and laundering more than $200 million worth of virtual currencies each year, said Chainalysis.

Chainalysis also identified $170 million in current balances that are controlled by North Korea but have yet to be laundered. One-third, or $55 million, of the amount was from attacks carried out in 2016, "meaning that DPRK has massive unlaundered balances as much as six years old," the firm said, referring to the country by its official name, the Democratic People's Republic of Korea.

"It's unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched," said Chainalysis.

"Whatever the reason may be, the length of time that DPRK is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one," the analysis firm added.

The United Nations said North Korea-linked hackers stole $316 million in 2020 to support the country's faltering economy and fund its nuclear weapons program.

North Korea has routinely denied hacking allegations.
