In what Chainalysis has described as a “banner year” for North Korean cybercriminals, a report by the blockchain research firm has stated that nearly $400 million worth of digital assets were stolen in seven attacks in 2021.
The report describes how investment firms and centralized exchanges were the main targets, and how code exploits, phishing, social engineering, and malware were used to move funds from the “organizations’ internet-connected ‘hot’ wallets into DPRK-controlled addresses.”
Hot wallets are connected to the internet, which makes them highly vulnerable to hacking. These wallets are not recommended; experts advise that crypto should be stored in wallets that are disconnected from the internet.
Chainalysis believes that several of last year's attacks were carried out by the Lazarus Group, a hacking group believed to be controlled by North Korea's primary intelligence bureau, the Reconnaissance General Bureau.
In the past, the Lazarus Group has been accused of involvement in the “WannaCry” ransomware attacks, hacks of international banks and customer accounts, and the Sony Pictures cyber-attacks in 2014.
Chainalysis also alleges that once the money was stolen, a “laundering cover-up and cash out” effort followed. Between 2020 and 2021, the number of North Korean-linked hacks increased from four to seven, and the value obtained from these attacks grew by 40%.
Moreover, the report also shows that for the first time, Ether was the crypto that made up most of the funds that were stolen, standing at 58%. The report added:
“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins.”
That statement suggests that the variety of cryptocurrencies stolen can be attributed to North Korea’s increasingly sophisticated laundering operation.