North Korean hackers show no mercy in 2023, pull off these crypto heists

• Hacks executed by North Korean attackers in 2023 were 10x larger than attacks by other actors.
• The sensational Atomic Wallet hack was the most significant crypto heist pulled off by North Korea in 2023.

The burgeoning crypto industry remained vulnerable to the nefarious designs of North Korean-linked hackers in 2023 according to a recent report. The investigation was carried out by blockchain fraud detection company TRM Labs. The organization divulged thefts to the tune of $200 million year-to-date, by malicious players sitting in the East Asian nation.

Although the size of the heists in 2o23 was significantly down from the disastrous 2022 – which saw illegal outflows of a whopping $800 million – the danger was far over. The alarming research highlighted that hacks executed by North Korean attackers in 2023 were 10x larger than attacks by other actors.

Source: TRM Labs

Understanding the motives

North Korea has existed as an international pariah ever since the bloody Korean War in the early 1950s. Due to its possession of weapons of mass destruction and alleged support to terrorist groups, the country has been at the receiving end of punishing economic sanctions by the West.

These tight restrictions have effectively blocked the doors to the global financial system for the country’s young and unemployed. As a result, many of them seek refuge in the anonymous world of cryptos.

Ningshuang Li, a China-based crypto educator and co-founder of crypto content platform CoinDada, told AMBCrypto,

“Cryptocurrencies offer a way to circumvent these traditional financial barriers because they operate on decentralized networks that don’t rely on state-backed institutions.”

Moreover, this also ends up being a low-risk, high-reward scenario for them. Li further added,

“With the right techniques, cybercriminals can execute attacks remotely, reducing the risk of direct physical confrontation or capture”.

A tale of daring thefts

Over the years, decentralized finance (DeFi) has emerged as one of the largest and most popular Web3 verticals. Hosting tons of liquidity, to be precise, nearly $63 billion as per DeFiLlama, this growing ecosystem has remained on the radar of North Korean attackers.

These unscrupulous players have stolen millions by exploiting vulnerabilities on cross-chain bridges, considered a big chink in DeFi’s armor. In fact, as per reports, cross-bridge hacks were responsible for the entire theft amount in 2022.

The report highlighted how the North Korean hacking ecosystem has been up to the task of growing sanctions, better law enforcement, and improved tracing abilities. Additionally, the latest thefts involve the use of more sophisticated laundering processes as compared to earlier thefts involving the direct use of cryptocurrency exchanges. The recent Atomic Wallet hack was one of them.

In June earlier this year, North Korean hackers drained out cryptos worth $100 million from the non-custodial Atomic Wallet. The notorious North Korean state-backed Lazarus Group may have been behind the hack.

The magnitude of the theft aside, the fact that a decentralized wallet provider was hit, stunned the entire crypto ecosystem. After all, these services champion the cause of self-custody and better security when compared with exchange custody. The attack was most likely phishing or a supply chain attack considering the nature of the exploit.

More recently, Lazarus group hackers intruded on an American IT company JumpCloud and exploited its capabilities to target cryptocurrency companies, as per a report by Reuters.

The weak links in DeFi

The growing menace of North Korean-linked crypto hacks was one of the main concerns which led the U.S. Senate to introduce a bill to regulate DeFi. The excerpts from the bill read,

“Criminals, drug traffickers, and hostile state actors such as North Korea have all demonstrated a propensity for using (DeFi) as a preferred method of transferring and laundering ill-gotten gains.”

The vulnerabilities of the DeFi landscape have not been lost on anyone. As per DeFiLlama, $6.89 billion of crypto assets have been siphoned out until the time of publication. In fact, the last month of July was the worst in 2023, recording thefts worth $238 million.

Source: DeFiLlama

Lior Lamesh, co-Founder and CEO of institutional self-custody platform GK8. said that like other businesses, the return of investment drives bad actors to commit these crimes.

“Hackers will spend millions to get their hands on billions. When it comes to irreversible protocols such as blockchain, if assets are stolen, there is no way back, so stealing crypto becomes an appealing target for hackers.”