Chainalysis: Hackers in North Korea stole $400 million in crypto last year

North Korea is now hoarding a large quantity of cryptocurrency, valued at roughly $170 million, according to Chainalysis.

According to a new report by Chainalysis, a blockchain data platform, North Korean hackers stole at least $400 million in digital assets in at least seven cyber heists on cryptocurrency platforms last year. In 2021, Ether accounted for up to 58 percent of the stolen cryptocurrency, with Bitcoin accounting for only 20% of the total. Altcoins or ERC-20 tokens on the Ethereum platform accounted for the remaining 22%. This is the first time Ether has made up the bulk of stolen funds.

According to the study published on Thursday, "From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%."

The victims of the attacks were mostly investment businesses and centralized exchanges, according to Chainalysis, which included Liquid.com, which disclosed in August that an unauthorized user had acquired access to some of the wallets it controlled. Sixty-seven distinct ERC-20 tokens and substantial amounts of Ether and Bitcoin had been transferred from these wallets to addresses controlled by a person acting on behalf of North Korea.

How do these hacks work?

According to Chainalysis, the hackers conduct a careful laundering operation to cover their tracks and cash out after stealing the digital assets. The hackers' exact identities are unknown, but many of the recent assaults may have been carried out by the Lazarus Group, a cybercrime group with close ties to North Korea.

In a report published on its website, Chainalysis stated: "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."

To siphon monies out of businesses' wallets and into North Korean-controlled addresses, the attackers use phishing lures, code vulnerabilities, and malware.

After the funds have been taken, the attackers then exchange the different ERC-20 tokens for other cryptocurrencies and mix them into other wallets using decentralized protocols. These are then transferred to Asian crypto-to-fiat exchangers. It's not clear why they are sitting on the money, but this shows that the hackers aren't always fast to transfer stolen funds through the laundering process.

The Lazarus Group has been linked to the WannaCry ransomware attack and the 2014 hack of o Sony Pictures Entertainment.

The country has previously released statements to deny any involvement in the attacks.