- North Korea enjoyed another year of “prolific” hacks according to Chainalysis
- The blockchain analytics firm found that the regime hacked its was to some $400 million worth of crypto in 2021
- The state-backed Lazarus group is thought to still be behind the vast majority of hacks
North Korea enjoyed a “prolific” 2021 in terms of cryptocurrency hacks according to blockchain analysis firm Chainalysis, with the regime stealing nearly $400 million last year. The rogue state, which U.S. authorities say sanctions the Lazarus hacking group to carry out the hacks, is thought to still be putting the money towards its weapons programs. The latest data continues a pattern that dates back to the mid 2010s when North Korea began targeting the cryptocurrency sector.
North Korea Targeted Investment Firms and Exchanges
North Korea’s state-backed hacking groups, which the regime has consistently denied work on its orders, are known to have been one of the most prolific hackers of exchanges for many years, and Chainalysis found that their efforts did not taper in 2021.
Chainalysis reports that North Korean attacks primarily targeted investment firms and centralized exchanges in 2021, making use of “phishing lures, code exploits, malware, and advanced social engineering” to steal funds from hot wallets into addresses controlled by the government.
Chainalysis adds that a “careful laundering process” is usually entered into after the funds have been secured in order to cover up the source of the funds and cash them out.
Lazarus Still Leading the Charge
The primary group that carries out these attacks is, unsurprisingly, still the Lazarus group, which has been responsible for some of the biggest malware attacks and other hacks of all time, including the Wannacry and Sony Pictures hacks.
The news that North Korea is able to get its hands on hundreds of millions of dollars every year will concern countries that have placed sanctions on the regime, such as the U.S., especially as the UN security council has evidence that the revenue generated from these hacks goes to support North Korea’s WMD and ballistic missile programs.
Discussion about this post