North Korea has stolen around $200 million in cryptocurrencies across 30 hacks so far in 2023, less than in 2022 but still a sum “10 times larger than attacks by other actors,” according to a new report by the blockchain analytics firm TRM Labs.
Although this year has witnessed a considerable downturn in crypto hacks, largely attributable to the decrease in digital asset prices and the ongoing bear market, many cybercriminal groups remain undeterred.
North Korean state-affiliated hacking groups were among the most prolific actors in 2022, a record-breaking year for hacks with nearly $4 billion stolen. The marquee heist was $625 million from the Ronin Network, a sidechain built for the popular play-to-earn crypto game Axie Infinity. U.S. officials identified Lazarus, a North Korean group, as the culprit, and were able to recover nearly $30 million.
Despite the efforts of law enforcement agencies, as well as firms such as TRM Labs and Chainalysis, the North Korean government has continued to profit from crypto hacks: In June, the Wall Street Journal reported the nation had netted more than $3 billion over the last five years, with stolen digital currency funding about 50% of the country’s ballistic missile program. (TRM Labs puts that figure at $2 billion.)
U.S. officials say the North Korean government relies on a workforce of thousands of IT workers operating from across the world, including in China and Russia, earning as much as $300,000 a year. The operations also rely on “front people” who will apply for jobs at crypto firms and then make small changes to products to allow them to be hacked, or slip malicious code to employees at targeted companies, as happened with Axie Infinity developer Sky Mavis.
Although the proceeds from North Korean crypto hacks are down around 75% so far in 2023 compared with last year, the country is still responsible for over 20% of all crypto stolen so far this year, according to TRM Labs.
The most lucrative hack in 2023 targeted a non-custodial wallet provider called Atomic Wallet. In early June, North Korean hackers stole around $100 million in cryptocurrency from over 4,100 individual addresses, likely through a phishing or supply chain attack, in which hackers target third-party companies that provide services to a product.
In the Atomic Wallet attack, cybercriminals drained users’ wallets of assets across seven blockchains, including Ethereum and Bitcoin, swapping the tokens through decentralized exchanges and then laundering them through different techniques, including mixers.
With hacks still plaguing the crypto ecosystem, cybersecurity has become one of the most active areas for venture investment and development. Earlier this month, the crypto crime-fighting startup CAT Labs launched an initiative to push new cybersecurity standards with the aim of preventing exploits.