{"id":1107,"date":"2022-01-14T05:34:55","date_gmt":"2022-01-14T05:34:55","guid":{"rendered":"https:\/\/www.cryptoheretostay.com\/?p=1107"},"modified":"2022-01-14T05:34:55","modified_gmt":"2022-01-14T05:34:55","slug":"north-korean-hackers-are-sitting-on-170-million-worth-of-unlaundered-crypto","status":"publish","type":"post","link":"https:\/\/cryptoheretostay.com\/?p=1107","title":{"rendered":"North Korean hackers are sitting on $170 million worth of unlaundered crypto\u00a0"},"content":{"rendered":"<p>Cybercriminals for the Democratic People\u2019s Republic of Korea (DPRK) affirmed themselves as an advanced persistent threat to the cryptocurrency industry in 2021, Chainalysis reported.<\/p>\n<p>According to the blockchain-based data platform, which supports government and private sectors in detecting and preventing the illicit use of cryptocurrencies, North Korean hackers stole $400 million worth of crypto last year, while the total amount of unlaundered funds they have stockpiled reached an all-time high (ATH).<\/p>\n<h2><strong>\u201cLazarus Group\u201d<\/strong><\/h2>\n<p>Targeting primarily investment firms and centralized exchanges, North Korean hackers launched at least seven attacks on cryptocurrency platforms\u2013extracting almost $400 million worth of crypto in 2021.<\/p>\n<p>While, compared to 2020, the number of attacks jumped from four to seven, the value extracted grew by 40%.<\/p>\n<p>North-Korean hacks 
over time (Chainalysis)<\/p>\n<p>To siphon funds out of these organizations\u2019 \u201chot\u201d wallets into DPRK-controlled addresses, cybercriminals used phishing lures, code exploits, malware, and advanced social engineering.<\/p>\n<p>Once North Korea gained custody of the stolen crypto, they used careful laundering tactics to cover up and cash out the funds.<\/p>\n<p>\u201cThese complex tactics and techniques have led many security researchers to characterize cyber actors for the DPRK as advanced persistent threats (APTs),\u201d the report noted, adding this is particularly true for APT 38, aka the \u201cLazarus Group,\u201d led by DPRK\u2019s primary intelligence agency, the US- and UN-sanctioned Reconnaissance General Bureau.<\/p>\n<p>From 2018 on, Lazarus Group stole and laundered massive sums of cryptocurrencies each year\u2013typically exceeding $200 million.<\/p>\n<p>\u201cThe most successful individual hacks, one on KuCoin and another on an unnamed cryptocurrency exchange, each netted more than $250 million alone,\u201d read the report, noting that, according to the UN Security Council, the revenue from the hacks supports North Korea\u2019s WMD and ballistic missile programs.<\/p>\n<h2><strong>Laundering process<\/strong><\/h2>\n<p>In 2021, in terms of dollar value, Ethereum for the first time ever accounted for the majority of crypto stolen by DPRK, while Bitcoin accounted for only 20%, and ERC-20 tokens and altcoins accounted for 22% of the funds.<\/p>\n<p>Share of stolen crypto funds by coin type over time (Chainalysis)<\/p>\n<p>The growing variety of cryptocurrencies stolen led to the increased complexity of DPRK\u2019s crypto laundering, according to Chainalysis, which broke down the sophisticated process into several steps, observing an increased use of \u2018mixers\u2019 among North-Korean hackers in 2021.<\/p>\n<p>These software tools enable hackers to pool and shuffle cryptocurrencies from thousands of addresses and 
vastly complicate the tracking of transactions.<\/p>\n<p>Chainalysis explained the tactics currently in use with an example from one of the past years\u2019 attacks, which resulted in $91.35 million in crypto being laundered.<\/p>\n<p>In August, Liquid.com reported that an unauthorized user had gained access to some of the wallets managed by the crypto exchange. In the attack, 67 different ERC-20 tokens, along with large sums of Ethereum and Bitcoin, were moved from these crypto wallets to addresses controlled by a party working on behalf of DPRK.<\/p>\n<p>In a typically used laundering process, ERC-20 tokens and altcoins are swapped for Ethereum at DEXs.<\/p>\n<p>Laundering process visualization in Chainalysis Reactor: Stolen ERC-20 tokens swapped for Ethereum at DEXs (Chainalysis)<\/p>\n<p>In the next step, Ethereum is mixed and swapped for Bitcoin on DEXs and CEXs.<\/p>\n<p>Laundering process visualization in Chainalysis Reactor: Mixed Ethereum deposited at DEXs and CEXs to swap for Bitcoin (Chainalysis)<\/p>\n<p>Finally, Bitcoin is mixed and consolidated into new wallets\u2013after which it gets sent to deposit addresses at crypto-to-fiat exchanges based in Asia.<\/p>\n<p>Laundering process visualization: Bitcoin is mixed, consolidated into new wallets, and deposited at crypto-to-fiat exchange services for cash out (Chainalysis)<\/p>\n<p>According to the report, more than 65% of DPRK\u2019s stolen funds were laundered through mixers in 2021, up from 42% in 2020.<\/p>\n<p>Chainalysis describes DPRK\u2019s use of multiple mixers as a \u201ccalculated attempt to obscure the origins of their ill-gotten cryptocurrencies while off ramping into fiat.\u201d<\/p>\n<p>Meanwhile, DPRK hackers resort to DeFi platforms like DEXs to \u201cprovide liquidity for a wide range of ERC-20 tokens and altcoins that may not otherwise be convertible into cash.\u201d<\/p>\n<p>Swapping these cryptos for Ethereum or Bitcoin not only makes them more liquid but also opens up a greater choice of 
mixers and exchanges.<\/p>\n<p>Being non-custodial, DeFi platforms often don\u2019t collect know-your-customer (KYC) information, which enables hackers to use their services without having their assets frozen or their identities exposed, according to Chainalysis.<\/p>\n<h2><strong>Unlaundered funds stockpiling<\/strong><\/h2>\n<p>\u201cChainalysis has identified $170 million in current balances\u2013representing the stolen funds of 49 separate hacks spanning from 2017 to 2021\u2013that are controlled by North Korea but have yet to be laundered through services,\u201d read the report.<\/p>\n<p>The report revealed massive unlaundered balances as much as six years old\u2013approximately $35 million of DPRK\u2019s total holdings came from attacks in 2020 and 2021, while more than $55 million came from attacks carried out in 2016.<\/p>\n<p>Balances held by DPRK by year of attacks (Chainalysis)<\/p>\n<p>\u201cIt\u2019s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched,\u201d read the report, adding that whatever the reason \u201cthe length of time that DPRK is willing to hold on to these funds is illuminating because it suggests a careful plan, not a desperate and hasty one.\u201d<\/p>\n<p><a href=\"https:\/\/cryptoslate.com\/north-korean-hackers-are-sitting-on-170-million-worth-of-unlaundered-crypto\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals for the Democratic People\u2019s Republic of Korea (DPRK) affirmed themselves as an advanced persistent threat to the cryptocurrency industry in 2021, Chainalysis reported. According to the blockchain-based data platform which supports government and private sectors in detecting and preventing the illicit use of cryptocurrencies, North Korean hackers stole $400 million worth of crypto last 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wp_rev_ctl_limit":""},"categories":[3],"tags":[],"class_list":["post-1107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum-news"],"_links":{"self":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/1107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1107"}],"version-history":[{"count":1,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/1107\/revisions"}],"predecessor-version":[{"id":1109,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/posts\/1107\/revisions\/1109"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=\/wp\/v2\/media\/1108"}],"wp:attachment":[{"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoheretostay.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}