3D printed models of people working on computers and padlock are seen in front of a displayed CYBER SECURITY words and binary code in this picture illustration taken, Feb. 1, 2022. REUTERS
The scale of virtual assets illegally stolen by North Korean hackers this year has reached 3 trillion won. This represents approximately a 1,300-fold increase over the past decade. In particular, North Korea appears to have stolen larger amounts this year with fewer hacking attempts.
According to a virtual asset crime report recently published by U.S. blockchain data analysis company Chainalysis on Dec. 20, the scale of virtual asset theft by North Korean hackers this year was $2.02 billion (3 trillion won), a 51% surge from $1.3 billion last year. This is a record high, representing approximately a 1,333-fold increase over nine years compared to $1.5 million in 2016 when Chainalysis first began its analysis. Particularly, considering that the scale of virtual asset theft and robbery incidents carried out by hackers worldwide, including North Korea, reached $3.4 billion through early this month, North Korea’s share was the highest at 76%.
Chainalysis estimated that the cumulative amount of virtual assets stolen by North Korea to date would be at least $6.75 billion (approximately 10 trillion won). Chainalysis stated, “North Korea is the most serious nation-state threat to virtual asset security,” adding, “Despite a sharp decrease in attack frequency this year, it has become a record year in terms of the amount stolen.”
According to the report, the main method used by North Korean hackers is infiltrating IT personnel within virtual asset service companies. It explains that they first secure access rights to systems and then increasingly use attacks that can carry out large-scale theft. The report stated, “What this year’s record increase in North Korean attacks suggests is a reflection of increased dependence on methods of infiltrating IT personnel into exchanges, custodial institutions, and Web3 companies,” adding, “This can accelerate securing initial access rights and internal spread ahead of large-scale hacking attacks.”
It was also found that they approach by impersonating investors or acquirers. This is a method of extracting sensitive system information and infrastructure access routes while conducting investment attraction meetings or false due diligence procedures.
North Korean hackers showed more covert and sophisticated movements than ordinary hackers in the process of laundering stolen virtual assets. For example, while money laundering associates in general hacking divide and transfer more than 60% of total funds in amounts of $1 million to $10 million for laundering, North Korean hackers were found to divide and transfer in much smaller amounts of less than $500,000, accounting for more than 60% of total stolen funds. Additionally, the report pointed out that they utilize cross-chain bridges to make asset movement between blockchains difficult to track and have high utilization rates of Chinese-based fund movement and guarantee services. Such money laundering processes were found to be completed within approximately 45 days.
The report stated, “These patterns suggest that North Korea operates under different constraints and objectives than cybercriminals who do not receive state support,” adding, “North Korea’s intensive use of Chinese-specialized money laundering services and over-the-counter (OTC) companies indicates that North Korean threat actors are closely linked with illegal actors throughout the Asia-Pacific region.”
The report stated, “North Korea continues to carry out attacks of much larger scale compared to other threat actors,” adding, “It is clear that North Korean hackers aim to target large-scale services and inflict maximum damage.”
North Korea’s virtual asset theft amount broke through $2 billion this year (blue bar graph), which corresponds to 76% (line graph) of the total virtual asset hacking theft amount that occurred this year. (Photo courtesy of Chainalysis)
