North Korean hackers took $400M in 2021, mainly ETH: Chainalysis

North Korean hackers stole almost $400 million in cryptocurrency through cyberattacks in 2021, according to new data from Chainalysis.


The mix of crypto stolen has also changed completely, according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for almost all the crypto stolen by the DPRK; it now accounts for just one fifth:

“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.”

The report stated that attacks from North Korea (DPRK) in 2021 mainly targeted “investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering” to steal the funds.

Stolen cryptocurrency is believed to be used by the DPRK to evade financial sanctions and to help fund its nuclear weapons and ballistic missile programs, according to a UN Security Council report.

The threat the DPRK poses to crypto platforms worldwide has become ever-present. Chainalysis now describes hackers from the Hermit Kingdom, such as Lazarus Group, as advanced persistent threats (APTs). These attacks have been on the rise over the past three years, following the all-time high of over $500 million in crypto stolen in 2018.

Chainalysis reported that the funds were carefully laundered. Methods range from chain hopping and the ‘Peel Chain’ technique to, more recently, a complex system of coin swaps and mixing.


Mixers were used on over 65% of the funds stolen in 2021, a threefold increase since 2019. A mixer is a software-based privacy service that lets users obscure the source and destination of the coins they send. Decentralized exchanges (DEXs) are increasingly favoured by hackers because they are permissionless and have enough liquidity for coins to be swapped at will.

Chainalysis used the Aug. 19, 2021 hack, in which $91 million in crypto was stolen, as an example of the typical way DPRK hackers launder funds. They first swapped ERC-20 tokens for Ether (ETH) at decentralized exchanges. The ETH was then sent to a mixer and swapped for Bitcoin (BTC), which was also mixed. Finally, the BTC was sent from the mixer to centralized Asian exchanges as a likely fiat off-ramp.
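The two laundering patterns the report names, chain hopping through DEX and mixer hops and the peel chain, are the kind of thing an exchange compliance team or investigator would try to spot in transfer data. The following is an added example, not code from Chainalysis or from the original article: a toy taint tracer over a constructed ledger in which every address (`theft_wallet`, `dex_pool`, `mixer_eth`, `cex_asia_deposit`, `peel_0` and so on) is a hypothetical label, and the role table assigning “dex”, “mixer”, “swap” or “cex” to an address stands in for the attribution data a real analytics provider would supply.

```python
from collections import defaultdict

# Constructed sample data. Every address is a hypothetical label, not a real
# on-chain address; ROLES stands in for an attribution feed.
ROLES = {
    "dex_pool": "dex", "mixer_eth": "mixer", "swap_service": "swap",
    "mixer_btc": "mixer", "cex_asia_deposit": "cex", "cex_peel_sink": "cex",
}

# Chain-hopping path mirroring the article: ERC-20 -> ETH at a DEX, ETH mixer,
# swap to BTC, BTC mixer, then a centralized exchange deposit address.
# Transfers are (sender, receiver, asset, amount).
HOP_LEDGER = [
    ("theft_wallet", "dex_pool", "TOKEN", 1000.0),
    ("dex_pool", "hop_1", "ETH", 400.0),
    ("hop_1", "mixer_eth", "ETH", 400.0),
    ("mixer_eth", "hop_2", "ETH", 398.0),
    ("hop_2", "swap_service", "ETH", 398.0),
    ("swap_service", "hop_3", "BTC", 20.0),
    ("hop_3", "mixer_btc", "BTC", 20.0),
    ("mixer_btc", "hop_4", "BTC", 19.9),
    ("hop_4", "cex_asia_deposit", "BTC", 19.9),
]

# Peel chain: each hop forwards most of the balance to a fresh address and
# peels a small slice off to an exchange deposit address.
PEEL_LEDGER = [
    ("peel_0", "peel_1", "BTC", 95.0), ("peel_0", "cex_peel_sink", "BTC", 5.0),
    ("peel_1", "peel_2", "BTC", 90.0), ("peel_1", "cex_peel_sink", "BTC", 5.0),
    ("peel_2", "peel_3", "BTC", 85.0), ("peel_2", "cex_peel_sink", "BTC", 5.0),
    ("peel_3", "peel_4", "BTC", 80.0), ("peel_3", "cex_peel_sink", "BTC", 5.0),
]


def outgoing(ledger):
    """Index transfers by sender: sender -> [(receiver, asset, amount)]."""
    out = defaultdict(list)
    for sender, receiver, asset, amount in ledger:
        out[sender].append((receiver, asset, amount))
    return out


def role(addr):
    return ROLES.get(addr, "wallet")


def trace_path(ledger, start):
    """Follow the largest outgoing transfer from `start` until the funds reach
    a CEX deposit address, a dead end or a loop. Returns [(address, role, asset)]."""
    out = outgoing(ledger)
    path, addr, seen = [(start, role(start), None)], start, {start}
    while role(addr) != "cex" and out.get(addr):
        receiver, asset, _ = max(out[addr], key=lambda t: t[2])
        if receiver in seen:
            break
        seen.add(receiver)
        path.append((receiver, role(receiver), asset))
        addr = receiver
    return path


def matches_hop_typology(path):
    """True when the path visits a DEX, then a mixer, then a mixer again, then
    a CEX, in that order, and the asset changes at least twice on the way
    (the chain-hopping signature described in the report)."""
    required = ["dex", "mixer", "mixer", "cex"]
    i = 0
    for _, r, _ in path:
        if i < len(required) and r == required[i]:
            i += 1
    assets = [a for _, _, a in path if a is not None]
    changes = sum(1 for x, y in zip(assets, assets[1:]) if x != y)
    return i == len(required) and changes >= 2


def detect_peel_chain(ledger, start, min_hops=3, max_peel_frac=0.15):
    """Walk from `start`; a hop counts as a peel when the address forwards at
    least (1 - max_peel_frac) of what it sends to one fresh, unattributed
    wallet and sends everything else to CEX addresses.
    Returns (hops, total_peeled, flagged)."""
    out = outgoing(ledger)
    addr, hops, peeled, seen = start, 0, 0.0, {start}
    while out.get(addr):
        total = sum(a for _, _, a in out[addr])
        main = max(out[addr], key=lambda t: t[2])
        slices = [t for t in out[addr] if t is not main and role(t[0]) == "cex"]
        if (role(main[0]) != "wallet" or main[0] in seen or not slices
                or len(slices) != len(out[addr]) - 1
                or main[2] < (1 - max_peel_frac) * total):
            break
        hops += 1
        peeled += sum(a for _, _, a in slices)
        seen.add(main[0])
        addr = main[0]
    return hops, peeled, hops >= min_hops


if __name__ == "__main__":
    hop_path = trace_path(HOP_LEDGER, "theft_wallet")
    print([f"{a}({r})" for a, r, _ in hop_path], matches_hop_typology(hop_path))
    print(detect_peel_chain(PEEL_LEDGER, "peel_0"))
```

Both detectors only follow the largest outgoing transfer, so a split across several mixers or DEX pools would need a proportional taint model; the thresholds (`min_hops`, `max_peel_frac`) are assumptions chosen for the sample data, and real deployments tune them against attributed historical cases.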