- After dipping in 2019, the number of North Korean-linked hacks grew in 2020 and 2021.
- Ether accounted for about 60% of the funds stolen in 2021.
- Many of these attacks were likely carried out by the Lazarus Group linked to the WannaCry ransomware attack.
North Korea stole nearly $400 million worth in cryptocurrency in 2021, making it a “banner year” for the country’s cybercriminals, according to blockchain analysis firm Chainalysis.
The attacks were targeted at investment firms and centralized exchanges, Chainalysis said in a report released on Thursday. Ether accounted for about 60% of the funds stolen last year, while bitcoin made up just 20% of the pilfered cryptocurrencies.
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” said the report.
After dipping in 2019, the number of North Korean-linked hacks grew in 2020 and 2021, with the value extracted from these hacks growing by 40%, Chainalysis noted.
attack in 2017 and another major attack on Sony Pictures in 2014.
But the group has since concentrated its efforts on cryptocurrency crime, stealing and laundering virtual currencies over $200 million in value each year, said Chainalysis.
Chainalysis also identified $170 million in current balances that are controlled by North Korea but have yet to be laundered — one-third or $55 million of the amount was from attacks carried out in 2016, “meaning that DPRK has massive unlaundered balances as much as six years old,” referring to the country by its official name, the Democratic People’s Republic of Korea.
“It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched,” said Chainalysis.
“Whatever the reason may be, the length of time that DPRK is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” the analysis firm added.
North Korea has routinely denied hacking allegations.