North Korean Hackers’ Crypto Theft: Uncovering $600 Million in 2023
TRM Labs, a blockchain intelligence firm, revealed that roughly 33% of cryptocurrency stolen via hacks in 2023 was linked to groups associated with the Democratic People’s Republic of Korea (DPRK).
In their report, TRM Labs estimated that North Korean hackers might have obtained up to $700 million in cryptocurrency during 2023, with $600 million confirmed by their research. They highlighted the DPRK’s evolving money laundering methods, which aimed to sidestep international law enforcement pressure. Hackers typically compromised users’ private keys or seed phrases, then transferred funds to DPRK-controlled wallets and converted the assets to Tether or Tron.
TRM Labs emphasized the need for ongoing vigilance and innovation from businesses and governments due to North Korea’s significant cyber-activity. Despite advancements in cybersecurity and international collaboration, they expected further disruptions in 2024 from these highly prolific cyber threats.
The report revealed that the DPRK emerged as a major player in crypto thefts, accounting for nearly one-third of stolen funds, although its total was a decrease from the $850 million haul in 2022. North Korean-linked hacks were ten times more impactful than others. Since 2017, actors linked to Pyongyang have siphoned off nearly $3 billion in cryptocurrencies.
North Korean hackers primarily breached digital wallets by obtaining private keys and seed phrases, diverting victims’ assets to North Korean-controlled addresses. They converted these assets, mainly USDT or Tron, into traditional currency through high-volume over-the-counter (OTC) brokers.
Over the past two years, DPRK hackers reportedly stole around $1.5 billion.
Last month, U.S., South Korean, and Japanese officials met to discuss North Korea’s cryptocurrency thefts in the context of its nuclear and ballistic missile programs.
The White House elaborated that the National Security Advisors reviewed ongoing trilateral initiatives, including consultations on regional crises, sharing ballistic missile defense data, and countering the DPRK’s use of cryptocurrency for its unlawful weapons programs.
In 2022, North Korean hackers used counterfeit Coinbase job offers to target cryptocurrency experts as part of their broader cybercrime strategy.
Moreover, Tornado Cash founders faced indictments last year for laundering over $1 billion, including funds for the Lazarus Group, a North Korean state-backed hacking group under sanctions.
U.S. Attorney General Merrick B. Garland highlighted that the scheme was intended to help criminals launder and conceal funds using cryptocurrency, including laundering hundreds of millions for the sanctioned North Korean cybercrime group. The United States Treasury Department imposed sanctions on individuals and hacking groups allegedly tied to North Korea, including Lazarus. Following sanctions against cryptocurrency mixers Tornado Cash and Sinbad, TRM Labs reported that the DPRK explored alternative laundering methods.
CertiK reported on January 3 that there were roughly 751 breaches in 2023, resulting in the loss of over $1.8 billion in crypto, one-third of which was purportedly attributable to DPRK hackers. The Ethereum network recorded the highest losses, amounting to $686 million across 224 incidents.
U.S. officials frequently cite digital assets as reasons for imposing sanctions on certain entities, such as the terrorist group Hamas after its October 7 attack on Israel. Cryptocurrency mixers have also been a focal point for lawmakers, who argue that the technology primarily serves illicit purposes.