TRM Labs estimates that North Korean hackers have stolen $200 million of cryptocurrency in 2023 alone.
North Korean hackers continue to threaten the broader cryptocurrency ecosystem,
having stolen an estimated $2 billion of crypto over the past five years.
Blockchain intelligence firm TRM Labs released its latest deep dive into
the murky world of cryptocurrency-related hacking, focusing on the exploits of North Korean cybercriminals. According to TRM Labs’ data,
North Korea has stolen around $200 million of crypto in 2023, accounting for 20% of all stolen funds this year.
North Korean cyberattacks are estimated to be 10 times larger
than attacks by other malicious actors. Hackers from the country have also honed in on the decentralized finance (DeFi)
ecosystem, preying on cross-chain bridges that continue to handle a significant volume of cryptocurrency transfers.
Cross-chain hacks, such as the Axie Infinity Ronin Bridge hack,,
with North Korean hackers collectively stealing around $800 million in three separate attacks in 2022 alone.
إقرأ أيضا:Canadian police reported using Chainalysis Reactor to trace crypto crimesThe methods used to carry out these cyberattacks vary, with phishing and supply chain attacks involving compromised private keys and seed phrases
TRM Labs notes that North Korean hackers have become more industrious
with on-chain laundering methods. In the past, cryptocurrency exchanges had been used to cash
out stolen cryptocurrency, but this has evolved into highly complex “multi-stage money laundering processes.”
Hackers have evolved their methods in response to aggressive sanctions by the
Office of Foreign Assets Control, law enforcement operations and improved blockchain tracing tools.
TRM Labs unpacked North Korea’s 2023 Atomic Wallet hack as an example of the obfuscation methods now being used by hackers from the sanctioned state.
The incident occurred in June 2023, when hackers targeted noncustodial wallet provider
إقرأ أيضا:5 blockchain-based social media platforms to knowAtomic Wallet and made off with $100 million of cryptocurrency from 4,100 addresses.
TRM Labs speculates that a phishing or supply chain attack likely made the exploit possible.
Hackers drained user wallets across the Ethereum, Tron, Bitcoin, XRP,
Dogecoin, Stellar and Litecoin blockchains, sending the stolen funds to new wallets.
ERC-20 and TRC-20 tokens were swapped to Ether and Tron TRX
$0.0729 using decentralized exchanges before being laundered with a mix of automated programs, mixers and cross-chain swaps.
