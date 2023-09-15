Cryptocurrency stolen by North Korea-linked hackers is down a whopping 80% from 2022 — but a blockchain forensics firm says it isn’t necessarily a sign of progress.

As of Sept. 14, 2023, North Korea-linked hackers have stolen a total of $340.4 million worth of cryptocurrency, down from a record $1.65 billion reported funds stolen in 2022.

Cryptocurrency funds stolen by North Korean-backed groups between 2016-2023. Source: Chainalysis

“The fact that this year’s numbers are down is not necessarily an indicator of improved security or reduced criminal activity,” Chainalysis said in a Sept. 14 report. “We must remember that 2022 set a dismally high benchmark.”

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Over the past 10 days, North Korea’s Lazarus Group has been linked to two separate hacks — Stake ($40 million) on Sept. 4 and CoinEx ($55 million) on Sept. 12, combining for a loss of over $95 million.

With the latest two hacks, North Korea-linked attacks have made up for about 30% of all crypto funds stolen in hacks this year, noted Chainalysis.

Funds stolen from North Korean hacking groups vs others between 2016 and 2023. Source: Chainalysis

North Korea turns to dubious exchanges, mixers

Meanwhile, Chainalysis has found that North Korean hackers have become increasingly reliant on certain Russian-based exchanges to launder illicit funds over the last few years.

The firm said North Korea has been using various Russian-based exchanges since 2021. One of the largest laundering events involved $21.9 million in funds transferred from Harmony’s $100 million bridge hack on June 24, 2022.

United States-sanctioned cryptocurrency mixers Tornado Cash and Blender have also been used by Lazarus Group in the Harmony Bridge hack and other high-profile hacks committed by the group.

We’ve observed instances of DPRK-linked hackers sending funds to Russian services since 2021. But this year’s transfer of $21.9M stolen from Harmony to a high-risk Russian exchange is an escalation of that activity. You can see examples of some of those transactions below. pic.twitter.com/S9cDxlk9Hu — Chainalysis (@chainalysis) September 14, 2023

The United Nations is making an effort to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.

Meanwhile, the firm hopes increased smart contract audits will make life tougher for these hackers.

