State-backed hackers from North Korea stole cryptocurrencies worth about US$395 million last year across at least seven cyber attacks, according to Chainalysis, a blockchain data company.

Fast facts

  • Several of the attacks were likely led by Lazarus, a group of hackers believed to be backed by North Korea’s primary intelligence agency, the Reconnaissance General Bureau, according to the research firm.
  • “These attacks targeted primarily investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations’ internet-connected ‘hot’ wallets into DPRK-controlled addresses,” wrote Chainalysis.
  • The stolen cryptocurrencies consisted mainly of Ethereum, at 58%, with Bitcoin accounting for 20%. The remaining 22% included ERC-20 tokens and altcoins.
  • The report said the socialist state was using multiple mixers to conceal the trail of the stolen crypto and cash out, often through DeFi platforms because many of them provided liquidity without requesting know-your-customer (KYC) information.
  • Citing the United Nations Security Council, Chainalysis said North Korea — which is also believed to be sitting on US$170 million worth of unlaundered cryptocurrencies — was likely using the funds to support its WMD and ballistic missile programs.
  • Lazarus is the group suspected of being behind the hacking of Sony Pictures in 2014 and the WannaCry ransomware attack in May 2017.