North Korean Hacker Group Steals $3 Billion in Crypto Assets in Six Years

Recently, a report released by a cybersecurity agency revealed a shocking fact: hacker groups associated with North Korea have stolen up to $3 billion in Crypto Assets over the past six years.

The report indicates that in just 2022, the organization plundered $1.7 billion in crypto assets, which are likely to be used to support various plans in North Korea. A blockchain data analysis company stated that $1.1 billion of this was stolen from decentralized finance (DeFi) platforms. The U.S. Department of Homeland Security also emphasized the organization’s use of DeFi protocols in a report last September.

This hacker group specializes in fund theft. In 2016, they hacked the Bangladesh Central Bank and stole $81 million. In 2018, they attacked a Japanese crypto assets exchange, stealing $530 million, and stole $390 million from the Malaysian Central Bank.

Since 2017, North Korea has targeted the encryption industry as a primary objective for cyber attacks. Prior to this, North Korea hijacked the SWIFT network to steal funds from financial institutions. This behavior has attracted significant attention from international organizations, prompting financial institutions to strengthen their cybersecurity defenses.

In 2017, as crypto assets gradually became mainstream, North Korean hackers shifted their focus from traditional finance to this new type of digital asset. They initially targeted the South Korean crypto market and subsequently extended their influence globally.

In 2022, North Korean hackers were accused of stealing approximately $1.7 billion in Crypto Assets, a figure that represents about 5% of North Korea's domestic economic scale or 45% of its military budget. This number is also nearly 10 times the value of North Korea's exports in 2021.

The way North Korean hackers operate in the Crypto Assets industry is often similar to traditional cybercrime that utilizes encryption mixers, cross-chain transactions, and fiat over-the-counter trading. However, with a nation backing them, they are able to scale their thefts to levels that traditional cybercrime groups cannot reach.

Data shows that approximately 44% of stolen Crypto Assets in 2022 were related to North Korean Hacker activities.

North Korean hackers target not only exchanges, but also individual users, venture capital firms, and other technologies and protocols have been attacked. All institutions and individuals in the industry may become potential targets, thus providing financial support to the North Korean government.

Practitioners in the crypto industry, exchange operators, and entrepreneurs should be aware that they could become targets of hacker attacks. Traditional financial institutions should also closely monitor the activities of North Korean hacker groups. Once crypto assets are stolen and converted into fiat currency, the funds are transferred between different accounts to obscure their origin. Typically, stolen identities and altered photos are used to bypass anti-money laundering and Know Your Customer ( AML/KYC ) verification.

Since most of the intrusions by North Korean Hacker groups start with social engineering and phishing activities, organizations should train employees to monitor such activities and implement strong multi-factor authentication, such as passwordless authentication compliant with the FIDO2 standard.

North Korea has clearly regarded the continuous theft of Crypto Assets as a major source of income to fund its military and weapons programs. In recent years, both the amount of stolen Crypto Assets and the number of missile launches have significantly increased. Without stricter regulations, cybersecurity requirements, and investments in the cybersecurity of Crypto Assets companies, North Korea is almost certain to continue using the Crypto Assets industry as a source of additional revenue for the state.

In July of this year, a U.S. enterprise software company announced that its network had been breached. Researchers indicated that the group responsible for this attack is likely a North Korean hacker organization focused on encryption. In August, the Federal Bureau of Investigation (FBI) released a notice stating that the North Korean hacker organization was involved in multiple hacking incidents, stealing a total of $197 million in Crypto Assets. These funds have allowed the North Korean government to continue operations under strict international sanctions and to finance up to 50% of its ballistic missile program costs.

To prevent cyber attacks from North Korea, experts recommend:

1. Enable multi-factor authentication ( MFA ), use hardware devices to enhance security.
2. Enable all available MFA settings for the Crypto Assets exchange.
3. Verify the authenticity of social media accounts.
4. Verify the legality of transactions and be cautious of free Crypto Assets or NFT promotional activities.
5. Check official sources to avoid falling into phishing traps.
6. Carefully check the URL to ensure you are accessing the official website.
7. Use a hardware wallet to provide an additional layer of security.
8. Only use trusted decentralized applications ( dApps ) to verify smart contract addresses.
9. Be cautious of deals that seem too good to be true.

By taking these measures, Crypto Assets users and companies can better protect themselves from North Korean Hacker attacks.