North Korean Hackers Stole $600 Million in Cryptocurrency


The Democratic People’s Republic of Korea (DPRK) has reportedly stolen nearly $600 million in cryptocurrency in 2023.

Reports also indicate evidence of cyberattacks in the final days of the year, which, if confirmed, could increase the toll to $700 million.

The DPRK has stolen over $1.5 billion in cryptocurrency within two years. However, compared to 2022, there has been a 30% reduction in crypto theft. In total, the DPRK has stolen $3 billion in cryptocurrency since 2017. The attacks conducted by the DPRK are 10 times more impactful than a normal cyberattack.

Trends of DPRK since 2017 (Source: TRM Labs)

Attack Vector, Crypto Stealing, and Money Laundering

According to the reports shared with Cyber Security News, the DPRK has been attacking victims by compromising private keys and seed phrases, which are the key security elements for digital wallets. 

Once they take control of a wallet, they transfer the illicit funds to their own wallet addresses, where the funds are exchanged for USDT or Tron. The swapped digital assets are then converted to hard currency using high-volume OTC (over-the-counter) brokers.

Their money laundering methods are continuously evolving to evade international law enforcement pressure. Initially, the DPRK used Tornado Cash and ChipMixer to obfuscate their illicit funds by mixing them with legitimate funds, which provides anonymity.

They later changed their obfuscation platform to the BTC service Sinbad, which was sanctioned by OFAC (Office of Foreign Assets Control) in November 2023. This threat group is considered one of the most notorious groups and must be monitored vigilantly. There is a higher probability of further attacks from this threat group in 2024.

Over the past two years, North Korea has successfully stolen close to $1.5 billion through its advanced hacking capabilities. This highlights the need for businesses and governments to remain constantly vigilant and innovative in their approach to cybersecurity.

It is recommended that every organization take additional precautions to protect its assets and apply regular security patches to all devices.


