The analyst firm said North Korea-related hacking attacks jumped from four in 2020 to seven in 2021.
North Korea launched at least seven attacks on cryptocurrency platforms last year that extracted nearly $400 million worth of digital assets, one of its most successful years on record, blockchain analysis firm Chainalysis said in a new report.
“From 2020 to 2021, the number of North Korea-related hacks jumped from four to seven, and the value extracted from these hacks increased by 40 percent,” the report released Thursday said.
“Once North Korea gained custody of the funds, they began a careful money-laundering process to cover up and cash out,” the report added.
A U.N. panel of experts monitoring sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to evade sanctions.
North Korea did not respond to media inquiries, but has previously issued a statement denying the hacking allegations.
Last year, the U.S. charged three North Korean computer programmers who worked for the country’s intelligence services over a massive, years-long hack aimed at stealing more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios.
Chainalysis did not identify all the targets of the hacks, but said they were mostly investment firms and centralized exchanges, including Liquid.com, which announced in August that unauthorized users could gain access to some of the cryptocurrency wallets it manages.
The attackers used phishing lures, code exploits, malware and advanced social engineering to move funds from the targets’ internet-connected “hot” wallets to addresses controlled by North Korea, the report said.
Many of last year’s attacks were likely carried out by the Lazarus Group, a hacking group sanctioned by the United States, which says the group is controlled by North Korea’s main intelligence agency, the Reconnaissance General Directorate.
The group is accused of being involved in the “WannaCry” ransomware attack, the hacking of international bank and customer accounts, and the 2014 cyberattack on Sony Pictures Entertainment.
North Korea also appears to have stepped up its laundering of stolen cryptocurrencies, significantly increasing its use of mixers, or software tools that can pool and scramble cryptocurrencies from thousands of addresses, Chainalysis said.
According to the report, researchers discovered $170 million worth of old, unlaundered crypto assets from 49 separate hacks from 2017 to 2021.
It’s unclear why the hackers are still sitting on the funds, the report said, but they may be hoping to outlast law enforcement interest before cashing out.
“Whatever the reason, the length of time (North Korea) is willing to hold these funds is instructive, as it suggests a prudent plan rather than a desperate and hasty plan,” concluded Chainalysis.