Threat actors linked to the Democratic People’s Republic of Korea (also known as North Korea) have laundered at least $600 million in cryptocurrency in 2023.
Blockchain analytics firm TRM Labs said last week that the DPRK “was responsible for nearly a third of all funds stolen in crypto attacks last year, despite a 30% reduction from USD 850 million in 2022.”
“Hacks by the DPRK were on average ten times more damaging than attacks not linked to North Korea.”
There are indications that additional breaches targeting the crypto sector could increase this figure to approximately $700 million by the end of 2023.
Targeting cryptocurrency companies is nothing new for North Korean state-sponsored actors, who have stolen approximately $3 billion since 2017.
These economically motivated attacks are seen as an important revenue-generating mechanism for the sanctions-hit nation, funding its weapons of mass destruction (WMD) and ballistic missile programs.
The intrusions leverage social engineering to lure targets and typically aim to compromise private keys and seed phrases – which are used to safeguard digital wallets – and then use them to gain unauthorized access to the victims’ assets and transfer them to wallets under the threat actor’s control.
“They are then mostly swapped for USDT or TRON and converted into hard currency using high-volume OTC brokers,” TRM Labs said.
The company further noted that DPRK hackers continued to explore other money laundering tools after the U.S. Treasury Department sanctioned a crypto mixer service known as Sinbad for processing a chunk of their proceeds, indicating constant evolution despite law enforcement pressure.
“With approximately US$1.5 billion stolen over the past two years, North Korea’s hacking capabilities demand continued vigilance and innovation from businesses and governments,” TRM Labs said.