Chainalysis reveals new update about North Korean hackers


  • A recent Chainalysis report has revealed a new update about North Korean-linked hackers.
  • The evolving tactics of North Korean-linked hackers.

The amount of cryptocurrency stolen by North Korea-linked hackers has decreased substantially, plunging by 80% from the staggering figures reported in 2022. However, blockchain analysis firm Chainalysis has cautioned against interpreting this decline as a sign of progress in cybersecurity, as the threat remains ever-present. As of September 14, 2023, North Korea-affiliated hackers had pilfered cryptocurrency totaling $340.4 million. This figure marks a stark contrast from the previous year, when a record $1.65 billion in cryptocurrency was reported stolen.

Chainalysis issues caution amid a decline in hack activity

Chainalysis, a blockchain forensics firm, issued a report on September 14, emphasizing that the reduction in theft does not necessarily indicate improved security or a decrease in criminal activities. Chainalysis pointed out that 2022 had set an alarmingly high benchmark, making this year’s lower numbers somewhat deceptive. The report cautioned, “In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.” Over the past ten days, North Korea’s Lazarus Group has been implicated in two separate hacks: Stake ($40 million) on September 4 and CoinEx ($55 million) on September 12.

These incidents combined resulted in a loss of over $95 million. Chainalysis noted that North Korea-linked attacks have accounted for approximately 30% of all cryptocurrency funds stolen in hacks throughout this year. Erin Plante, Vice President of Investigations at Chainalysis, expressed concern about the ongoing threat posed by Lazarus Group, highlighting their prolific nature as cryptocurrency thieves. Plante also underlined the national security implications of North Korea’s activities, considering the nation’s broader geopolitical context.

To fortify defenses against such attacks, cryptocurrency firms must focus on training their employees to counteract the social engineering tactics frequently employed by hacker groups. Plante stressed the importance of educating teams on the risks and warning signs associated with these tactics, especially when dealing with North Korean-linked hackers who exploit trust and carelessness to gain access to corporate networks. In addition to their evolving tactics, Chainalysis discovered that North Korean hackers have increasingly relied on Russian-based cryptocurrency exchanges for laundering illicit funds in recent years.

The evolving tactics of North Korean-linked hackers

The increasing reliance on Russian-based exchanges for laundering has raised concerns about the growing nexus between North Korean cybercriminals and Russian exchanges. According to Chainalysis, North Korea began utilizing various Russian-based exchanges as early as 2021. One of the most significant money laundering events involved the transfer of $21.9 million in funds from the Harmony Bridge hack, which amounted to $100 million, on June 24, 2022. Interestingly, United States-sanctioned cryptocurrency mixers such as Tornado Cash and Blender have also been employed by the Lazarus Group in the Harmony Bridge hack and other high-profile cyber heists.

These findings highlight the interconnected nature of the cryptocurrency landscape and the challenges faced by authorities and cybersecurity experts in tracking and apprehending cybercriminals. On the international front, the United Nations has initiated efforts to counter North Korea’s cybercrime tactics. It is widely understood that North Korea utilizes stolen cryptocurrency funds to support its nuclear missile program, underscoring the urgency of curbing these activities. Meanwhile, Chainalysis remains hopeful that increased smart contract audits will make life more challenging for hackers, including those linked to North Korea.

These audits aim to enhance the security and integrity of blockchain-based smart contracts, potentially reducing vulnerabilities that hackers can exploit. The decline in cryptocurrency theft linked to North Korea is indeed a noteworthy development, but experts caution against complacency. Cybercriminals, especially those backed by nation-states like North Korea, are known for their adaptability and persistence. As the crypto landscape continues to evolve, it remains essential for both cryptocurrency firms and international authorities to remain vigilant and proactive in countering cyber threats.

Written by Owotunse Adebayo

Adebayo loves to keep tabs on exciting projects in the blockchain space. He is a seasoned writer who has written tons of articles about cryptocurrencies and blockchain.