Reduction in North Korean Crypto Hacking by 80%, but the Landscape Remains Unpredictable: Chainalysis

Cryptocurrency pilfered by malicious actors affiliated with North Korea has seen a significant 80% decrease in 2023 compared to the previous year, falling from $1.7 billion to $340.4 million. However, blockchain forensics firm Chainalysis cautions against interpreting this decline as a sign of enhanced security or diminished criminal activity, emphasizing that the exceptionally high benchmark set in 2022 skews the perspective.

As of September 14, North Korea-linked hackers had managed to siphon off a total of $340.4 million in cryptocurrency, marking a substantial drop from the record-breaking $1.65 billion stolen in 2022.

Chainalysis, in a report dated September 14, underscores that the reduction in this year’s figures should not be misconstrued as an indication of progress. Instead, it is crucial to recognize that the preceding year had established an alarmingly elevated baseline for illicit cryptocurrency activities.

Over the past ten days, the Lazarus Group, a hacking entity associated with North Korea, was linked to two separate cyberattacks—Stake ($40 million) on September 4 and CoinEx ($55 million) on September 12—resulting in cumulative losses exceeding $95 million. Notably, North Korea-linked attacks have accounted for approximately 30% of all cryptocurrency funds stolen in hacking incidents this year, as highlighted by Chainalysis.

Erin Plante, Vice President of Investigations at Chainalysis, emphasized the ongoing threat posed by the prolific cybercriminals of the Lazarus Group and the national security concerns they raise. She suggested that cryptocurrency companies should focus on training their employees to counter the social engineering tactics commonly employed by these hacker groups, citing the trusting and careless tendencies of human nature as key vulnerabilities exploited by these attackers.

Furthermore, Chainalysis has observed that North Korean hackers have increasingly relied on specific Russian-based cryptocurrency exchanges for laundering illicit funds in recent years. The firm noted that North Korea has been engaging with various Russian exchanges since 2021. One notable money laundering operation involved the transfer of $21.9 million in funds stolen in the $100 million Harmony Bridge hack of June 24, 2022.

In addition to Russian exchanges, United States-sanctioned cryptocurrency mixers such as Tornado Cash and Blender have also been used by the Lazarus Group in various high-profile hacks, including the Harmony Bridge hack. These findings shed light on North Korea’s utilization of stolen cryptocurrency funds to support its nuclear missile program, prompting efforts by the United Nations to counter North Korea’s cybercrime tactics on an international scale.

Chainalysis hopes that the implementation of increased smart contract audits will pose a greater challenge to hackers, particularly those affiliated with North Korea, as they seek to launder illicit gains and evade detection.