Hackers with connections to North Korea have pilfered over $200 million in digital currencies during 2023, making up 20% of the total crypto thefts this year, as revealed by an analysis conducted by blockchain research company TRM Labs.
This sum is a fraction of the more than $2 billion plundered by online criminals over the past five years across 30 separate attacks on various crypto projects. A significant portion of this activity has been directed at decentralized finance (DeFi) platforms, with cross-chain bridges a particular target.
The previous year marked a high point for these cyber thieves, with digital currencies worth more than $800 million being stolen. Among the major incidents were three attacks on DeFi platforms, one of which resulted in a $625 million loss from the Ronin Bridge in March. Techniques such as chain hopping and using mixers have been employed by North Korean hackers to launder the ill-gotten gains, followed by rapid conversion into cash via exchanges with lax KYC/AML requirements.
In a notable event in June, the criminals targeted Atomic Wallet users, successfully stealing an estimated $100 million in various digital currencies, including Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin. TRM Labs detailed how the stolen Ethereum was moved to addresses the attackers controlled using wrapped Ether (WETH), exchanged for wrapped Bitcoin (WBTC), then converted to Bitcoin and sent through mixing services to obscure its origin.
Evolving techniques and the importance of robust cybersecurity
The report from TRM Labs also highlights how North Korean hackers have refined their laundering methods on-chain, transitioning from straightforward cryptocurrency exchange usage to intricate, multi-tiered money laundering schemes. This adaptation has come in the face of intensified OFAC sanctions, heightened law enforcement scrutiny, and enhanced tracking abilities. Chain-hopping, where one form of digital asset is changed into another and shifted across various chains, has been a key method employed by hackers to conceal their activities.
TRM Labs stresses the necessity for strong cybersecurity protocols, including the use of hardware security modules for managing cryptographic keys, the whitelisting of addresses to restrict fund transfers to verified recipients, and the use of secure, offline storage for keys and passcodes. The report also emphasizes the responsibility for protecting individual assets within the DeFi ecosystem.
The report’s findings bring to light the escalating danger of cybercrime in the realm of cryptocurrency, with a particular emphasis on the DeFi arena. The substantial sums stolen, coupled with the sophisticated methods employed by the criminals, underscore the pressing need for more stringent security protocols and regulatory supervision.
The concentration on DeFi platforms and the continual evolution of laundering strategies demonstrate the cybercriminals’ ability to adapt to regulatory constraints and technological progress.