According to blockchain monitoring firm Chainalysis, North Korea launched at least seven attacks against cryptocurrency platforms last year, resulting in the extraction of roughly $400 million in digital assets and making it one of the country's most successful years on record.
“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” said the report, which was released on Thursday.
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report added.
Pyongyang is accused of using stolen funds to boost its nuclear and ballistic missile programs, according to a UN panel of experts monitoring sanctions on North Korea.
North Korea has previously issued statements disputing charges of hacking, but has not responded to media enquiries.
Last year, the US charged three North Korean computer programmers working for the country’s intelligence service with a multi-year hacking spree aimed at stealing more than $1.3 billion in cash and cryptocurrency from businesses ranging from banks to movie studios.
According to the research, the attackers employed phishing lures, code exploits, malware, and advanced social engineering to siphon money out of these businesses’ internet-connected ‘hot’ wallets and into North Korean-controlled accounts.
Many of last year’s attacks were likely carried out by the Lazarus Outfit, a US-sanctioned hacker group that claims to be directed by North Korea’s main intelligence department, the Reconnaissance General Bureau.
The gang has been accused of being involved in the “WannaCry” ransomware attacks, hacking of multinational banks and customer accounts, and the Sony Pictures Entertainment cyber-attacks in 2014.
North Korea also looked to increase its efforts to launder stolen cryptocurrency, according to Chainalysis, by considerably expanding its usage of mixers, which are software tools that pool and scramble money from hundreds of addresses.
According to the report, analysts discovered $170 million in old, unlaundered cryptocurrency assets from 49 separate attacks between 2017 and 2021.
According to the report, it’s unknown why the hackers are still holding on to the assets, but they could be expecting to outsmart law enforcement before cashing out.
“Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded.