Last year, North Korean cybercriminals launched at least seven attacks on bitcoin exchanges. According to Chainalysis, a blockchain analytics firm, these hacks netted about $400 million in digital assets.
In a blog post, the Chainalysis team stated, “Once North Korea obtained ownership of the assets, they initiated a careful laundering operation to cover up and pay out.”
In 2020, there were only four hacks linked to North Korea, compared to seven in 2021. According to Chainalysis, the value of these hacks increased by 40% between 2020 and 2021. It’s worth mentioning, though, that the price of Bitcoin increased by 303 percent from 2020 to 2021, while the price of Ethereum, the second-largest crypto asset by market capitalization, increased by 472 percent.
According to Chainalysis, Bitcoin now accounts for less than a quarter of North Korea’s stolen cryptocurrency: only 20% of the stolen funds when assessed in dollar value.
Ethereum, on the other hand, accounts for the majority of the Hermit Kingdom’s stolen assets, at 58 percent of North Korea’s stolen digital money.
This, in turn, sheds light on the methods used by North Korea to launder stolen cryptocurrency funds.
According to Chainalysis, the process begins with Ethereum-based ERC-20 tokens and other cryptocurrencies being swapped for Ethereum (ETH) on a decentralized exchange. The Ethereum is then sent through a “mixer,” a category Chainalysis describes as “software tools that pool and scramble cryptocurrency from thousands of addresses.” These funds are subsequently exchanged for Bitcoin, mixed again, and then aggregated into a new wallet.
The mixed Bitcoin is then transmitted to deposit addresses at exchanges, mainly located across Asia, where it may be converted into fiat currency.
In 2021, over 65 percent of North Korea’s stolen funds were laundered using mixers, demonstrating how important this strategy is to the regime’s illicit crypto enterprise. In 2020 and 2019, that percentage was only 42% and 21%, respectively.
One of the year’s most notable incidents was the August 19 hack of Liquid.com, a crypto exchange, in which 67 distinct ERC-20 tokens, as well as some Bitcoin and Ethereum, were moved to addresses controlled by North Korean-affiliated entities.
LAZARUS GROUP
The most well-known state-backed cybercriminal organization at North Korea’s disposal is the Lazarus Group, managed by the country’s top intelligence agency, the Reconnaissance General Bureau.
The Lazarus Group became well-known following North Korea’s WannaCry and Sony Pictures cyberattacks.
“Every year since 2018, the organization has stolen and laundered huge sums of virtual currency, generally in excess of $200 million,” according to Chainalysis.
Lazarus Group has also targeted KuCoin, a famous cryptocurrency exchange, in an attack involving about $250 million in cryptocurrencies.
UNLAUNDERED FUNDS
According to Chainalysis’ analysis, 49 distinct hacks spanning 2017 to 2021 account for $170 million in cryptocurrency stolen by North Korea.
These funds have not yet been laundered. In fact, North Korea still holds almost $55 million from attacks dating back to 2016.
“It’s unclear why the hackers are still sitting on these funds, but it’s possible they’re hoping law enforcement interest in the cases will fade away, allowing them to cash out without being watched,” Chainalysis said, adding that North Korea’s holding of the funds “suggests a careful plan, not a desperate and hasty one.”
NEXT STEPS
North Korea has been dubbed a “country that fosters cryptocurrency-enabled crime on a global scale” by Chainalysis, owing to the vast quantity of laundered and unlaundered funds in its possession.
Furthermore, Chainalysis claims that North Korea’s government has “cemented itself as an advanced persistent danger to the cryptocurrency business in 2021” through Lazarus Group or others.
Despite this, the crypto analytics platform believes that the “inherent transparency of many cryptocurrencies” may offer a solution.
“With blockchain analytical tools, compliance teams, criminal investigators, and hack victims may track stolen monies, recover assets, and hold bad actors accountable for their crimes.”