A new report unveiled by the United Nations in early February shows that North Korea stole more crypto in 2022 than it has in any other year.
North Korea Has Stolen a Lotta Crypto
North Korea has long sought to get its hands on illicit crypto and launder it so it can be used to fund its ever-growing nuclear program. The nation houses several hacking organizations such as Lazarus and has initiated attacks against regions in Asia, Europe, and even North America.
The report reads as follows:
(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance and to steal information of potential value, including to its weapons programs… A higher value of cryptocurrency assets was stolen by DPRK actors in 2022 than in any previous year.
At the time of writing, North Korea is denying that it’s taken part in any cyberattacks against other regions, yet the report says hackers from within the country have stolen as much as $630 million. Other estimates put this number much higher, at more than $1 billion.
The report continues with:
The variation in USD value of cryptocurrency in recent months is likely to have affected these estimates, but [they] both show that 2022 was a record-breaking year for DPRK (North Korea) virtual asset theft. The techniques used by cyber threat actors have become more sophisticated, thus making tracking stolen funds more difficult.
The document says many of the attacks on other nations were carried out by North Korea’s primary intelligence bureau, meaning they were government funded and carried out by individuals acting within regulatory bounds. It stated:
These actors continued illicitly to target victims to generate revenue and solicit information of value to the DPRK including its weapons programs.
The attacks were carried out through a variety of means including malware and phishing attempts. In one such attack, employees at specific small and medium-sized companies were targeted. The report mentions:
Initial contacts with individuals were made via LinkedIn, and once a level of trust with the targets was established, malicious payloads were delivered through continued communications over WhatsApp.
Past Incidents
Last September, a mixer called Tornado that was allegedly being used in many of North Korea’s schemes was sanctioned by the U.S. government. A mixer is a device or service that mixes several cryptocurrency batches together (some or all of which have been garnered illicitly) so that prying eyes cannot decipher where they came from or who forwarded them.
In early 2022, a massive cyberattack was carried out on crypto gaming platform Axie Infinity. It’s estimated that more than $600 million in digital currency units were stolen from the company, and the culprit behind the attack is believed to have been North Korea.