North Korea’s notorious cybercriminal group, known as the Lazarus Group, has been involved in illicit activities involving the theft of cryptocurrency. A confidential United Nations report obtained by Reuters revealed that the group transferred millions of dollars worth of stolen cryptocurrency back to North Korea. In March 2023, the hackers took $147.5 million worth of cryptocurrency from a crypto exchange owned by TRON founder Justin Sun. A year later, they funneled the funds back to the isolated nation using the sanctioned crypto mixer, Tornado Cash.
The United Nations Security Council (UNSC) sanctions committee reported that they had been probing 97 suspected North Korean cyberattacks on cryptocurrency firms between 2017 and 2024, valued at approximately $3.6 billion. This indicates the scale and impact of North Korea’s cybercriminal activities on the cryptocurrency industry. Additionally, the report highlighted that North Korean IT workers abroad earn significant income for their country, further reinforcing the extent of their involvement in cybercrime.
The report also mentioned a New York Times article from February 6, which claimed that Russia had released $9 million out of $30 million in frozen North Korean assets and had permitted Pyongyang to open an account at a Russian bank in South Ossetia. This collaboration between North Korea and Russia raises concerns about facilitating better access to international banking networks, allowing for the movement of illicit funds across borders.
The Lazarus Group and other North Korean hackers have executed some of the most lucrative hacks in the crypto and DeFi sectors. Tornado Cash has been their preferred tumbler for laundering stolen funds. In 2022, the US sanctioned Tornado Cash for aiding North Korea, and in 2023, two of its co-founders were charged with facilitating over $1 billion in money laundering for cybercrime groups associated with North Korea. These actions highlight the sophistication and profitability of North Korea’s cybercriminal activities.
Despite a decrease in the total amount stolen in 2023 compared to 2022, North Korean hackers expanded their targeting of cryptocurrency platforms, reaching a record high of 20 hacks. Chainalysis estimated that the total stolen cryptocurrency amounted to just over $1 billion in 2023, with a focus on DeFi platforms, centralized services, exchanges, and wallet providers. The theft of approximately $429 million from DeFi platforms underscores the growing threat posed by North Korea’s cybercriminal activities.
The critical analysis of North Korea’s cybercriminal activities reveals the extent of their involvement in illicit activities, the collaboration with other countries for financial gain, and the impact on the cryptocurrency industry. The sophistication and profitability of their hacks highlight the need for enhanced cybersecurity measures and international cooperation to combat cybercrime effectively.
Leave a Reply