According to recent findings by TRM Labs, North Korean hackers managed to pilfer a minimum of USD 600 million in cryptocurrency throughout 2023. Additional breaches occurring in the final days of the previous year, if confirmed to be linked to North Korea, could elevate the total amount to approximately USD 700 million.
Despite a 30% decrease from the USD 850 million looted in 2022, the Democratic People’s Republic of Korea (DPRK) accounted for nearly one-third of all funds stolen in cryptocurrency attacks last year.
On average, hacks attributed to the DPRK were ten times more damaging than those not connected to North Korea. DPRK-attributed hacks have caused cumulative losses of nearly USD 3 billion in crypto since 2017.
The DPRK predominantly executes its attacks by compromising private keys and seed phrases, crucial security components of digital wallets. The hackers then transfer the victims’ digital assets to wallet addresses controlled by North Korean operatives, often converting them to USDT or Tron and exchanging them for hard currency through high-volume OTC brokers.
North Korea adapts its money laundering tactics continuously to evade international law enforcement scrutiny. In response to US sanctions and enforcement actions targeting its previous preferred obfuscation platforms, Tornado Cash and ChipMixer, North Korea shifted to another mixer it had already begun using, the BTC service Sinbad. Following Sinbad’s sanctioning by OFAC in November 2023, North Korea continued exploring alternative laundering tools.
North Korea has stolen almost USD 1.5 billion in the past two years alone, and its proficiency in hacking demands ongoing vigilance and innovation from both businesses and governments. Despite advancements in cybersecurity within exchanges and increased global collaboration in tracking and recovering stolen funds, 2024 is anticipated to witness further disruptions from the world’s most prolific cyber-thief.