According to US authorities, North Korean hackers have increasingly targeted the cryptocurrency sector to earn revenue in the face of international sanctions. Fraudsters have used a variety of tactics, from impersonating non-North Koreans in job interviews to installing ransomware, in order to generate revenue, researchers have found. Anne Neuberger, the US deputy homeland security adviser for cyber and emerging technologies, said in July that money stolen through hacking makes up about a third of the funding for Pyongyang’s weapons development programs.
The US Federal Bureau of Investigation last week blamed two North Korean cybercriminal groups for stealing $100 million in a June heist of the Harmony Bridge cryptocurrency service. The Lazarus Group, a specialized hacking unit that the FBI says is associated with North Korea’s General Reconnaissance Office, also stole some $600 million in March from a blockchain network connected to the popular video game Axie Infinity, according to US authorities.
Investigators later said they had recovered some $30 million that was stolen in the Axie Infinity heist, in what Chainalysis said was the first seizure of funds stolen by North Korea-linked hackers.
“While North Korea-linked hackers are undoubtedly sophisticated and pose a significant threat to the cryptocurrency ecosystem, the ability of law enforcement and national security agencies to strike back is growing,” Chainalysis wrote. Following the recovery of Axie Infinity, “we expect more such stories in the coming years, largely due to the transparency of the blockchain. When every transaction is recorded on a public ledger, it means law enforcement always have a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time.”
The report revealed that suspected North Korean groups heavily relied on mixing services, which allow their transactions to be masked, to launder stolen cryptocurrencies. Hackers almost exclusively used Tornado Cash to launder digital money until the US Treasury Department sanctioned the service in August.
Of all the cryptocurrencies stolen last year, $3.1 billion came from decentralized finance, or DeFi, protocols, according to Chainalysis. Attackers exploited hard-to-detect digital vulnerabilities in the DeFi infrastructure that underpins crypto projects, with a focus on bridging services. Of the $3.1 billion stolen from DeFi services, 64% came from interchain bridges, which allow users to convert one cryptocurrency into another, Chainalysis observed.