North Korean hackers stole almost $400 million worth of digital assets from crypto platforms last year, mostly in the form of ether, according to a Chainalysis report published on Thursday.
- For the first time, ether accounted for most – 58% – of the stolen funds, according to the report. It was followed by altcoins and ERC-20 tokens, with bitcoin at just 20% of the total, Chainalysis said.
- The increased variety of tokens has led the hackers to step up their efforts to launder their spoils, the report said. The typical process now involves several steps of swapping one cryptocurrency for another on decentralized exchanges and using decentralized finance (DeFi) mixers, privacy tools for obscuring the history of the transactions, to conceal their tracks, according to Chainalysis.
- Mixers were the most used tool among North Korean hackers for the first time, accounting for over 65% of stolen funds, up from 42% in 2020 and 21% the year before, Chainalysis said. In 2017 and 2019, crypto exchanges were the most popular way of laundering money.
- About $170 million of stolen funds from 49 exploits dating back to 2017 have yet to be laundered, the report said.
- The number of North Korea-attributed attacks grew from four to seven, and the funds stolen grew by 40%, the highest since 2018, according to the report. The victims were mostly investment firms and centralized exchanges.
- Chainalysis said that many of last year’s attacks were likely carried out by a group labeled as advanced persistent threat 38 (APT38), also known as Lazarus Group. The group is believed to be led by Pyonyang’s primary intelligence agency, the Reconnaissance General Bureau.