Researchers Trace 61% of Known Losses This Year to Pyongyang-Backed Hackers
Hackers tied to North Korea’s cash-strapped totalitarian dictatorship this year stole a record amount of cryptocurrency.
Blockchain analytics firm Chainalysis said the total volume of stolen crypto funds is on track to reach $2.2 billion for 2024, up 21% from 2023, while the number of individual hacking incidents has so far increased from 282 in 2023 to 303 this year.
Of the total funds stolen so far this year, hackers tied to the world’s only hereditary communist monarchy, officially called the Democratic People’s Republic of Korea, appear to be responsible for the theft of $1.34 billion via 47 incidents, which would be double its collective 2023 haul, Chainalysis said.
In a report released earlier this month, blockchain intelligence platform TRM Labs said that from January to October of this year, North Korea accounted for anywhere between 50% and 100% of all known illicit use of crypto, primarily via “hacked or exploited funds.” Nigerian hackers ranked second, thanks mostly to “one high-volume entity involved in a range of scam activities,” followed by hackers located in Georgia, the Philippines and Russia.
North Koreans’ appetite for crypto is existential, with stolen proceeds used to directly support the country’s regime – including leaders’ luxurious lifestyles – as well as the country’s development of weapons of mass destruction, including nuclear weapons and ballistic missiles.
Annual crypto losses for 2024 remain less than the previous records set in 2021 and 2022, buoyed in part by Bitcoin reaching a then-record value of $66,000 in late 2021. Historically, attacker interest in crypto has surged alongside its increase in value. With the value of a Bitcoin last week reaching an all-time high value of $106,000, increased hacker interest may well follow (see: Cryptocurrency Theft Haul Surges Alongside Crypto Value).
North Korean hackers appear responsible for 61% of the total value of crypto stolen in 2024, as well as 20% of all known hacking incidents. Their penchant for committing exploits small and large, including “most large-size exploits,” continues to increase, and may yet surge further in the upcoming holidays.
This time last year, Chainalysis assessed that North Korean hackers stole $1.0 billion in 2023, across 20 different hack attacks, a number it revised downward to $661 million. “Upon further investigation, we determined that certain large hacks we had previously attributed to the DPRK are likely no longer related, hence the decrease,” it said. The number of 2023 DPRK incidents remained about the same, as it’s since tied a number of other, smaller hacks to North Korea.
Hackers Shift Focus to Centralized Services
Since 2021, crypto-seeking criminals have primarily hit decentralized finance – or DeFi – platforms, which remain dogged by accusations that they don’t invest in security, focusing instead on high rates of growth.
While hackers’ penchant for targeting DeFi platforms continued through the first quarter of this year, since then their focus has shifted more toward centralized services such as DMM Bitcoin and WazirX.
“Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating,” Chainalysis said.
A May attack on Japanese cryptocurrency exchange DMM Bitcoin led to the loss of about 4,500 bitcoins, then worth approximately $303 million, potentially due to “private key mismanagement or lack of adequate security,” with many of the stolen funds subsequently getting laundered through a CoinJoin anonymous Bitcoin mixing service, as well as via crypto bridging services, Chainalysis said.
Earlier this month, DMM Bitcoin announced it will cease operations by May 2025, moving its cryptocurrency trading offerings to Japan-based SBI VC Trade, in part to not inconvenience customers as investigations into the hack attack continue.
In July, an attacker stole $230 million worth of cryptocurrency from the Ethereum hot wallet of WazirX – one of India’s largest crypto exchanges – accounting for about 45% of its entire holdings. Police in India arrested an individual suspected of creating and selling a fake account to another attacker, who used it to perpetrate the attack and remains at large.
After Q2, Crypto Theft Declined
Despite accounting for billions in losses this year, the monthly volume of crypto hack attacks appeared to decline in the second half of this year. “Through the end of July, the ecosystem was easily on track for a year that could rival the $3 billion-plus years of 2021 and 2022,” Chainalysis said. “However, 2024’s upward trend slowed considerably after July, after which it remained relatively steady.”
The reason for this shift remains unclear. The decline in incidents occurred following Russian President Vladimir Putin journeying to North Korea in June, for the first time in 24 years, where he met Supreme Leader Kim Jong Un. The two signed “a comprehensive strategic partnership” treaty between the two countries, with Kim pledging “full support” for Russia’s war of conquest against Ukraine, including deploying an estimated 12,000 DPRK troops to support the invasion.
Given the timing, “in addition to redirecting military resources toward the conflict in Ukraine, the DPRK – which has dramatically increased its cooperation with Russia in recent years – may have altered its cybercriminal activity as well,” Chainalysis said.
So far, any connection between the increased tempo of cooperation between the two countries and the perceived decline in crypto theft remains coincidental.