Blockchain intelligence firm TRM Labs has disclosed that North Korean hackers were responsible for approximately one-third of all cryptocurrency stolen through hacks in 2023.
According to a report released on January 5, 2024, TRM Labs estimates that these hackers potentially stole up to $600 million in cryptocurrency throughout the year, with $600 million confirmed by their research. This revelation suggests a significant increase in the involvement of North Korean hackers in cryptocurrency-related cybercrimes.
Persistent threat from North Korean hackers
TRM Labs’ research indicates that hackers linked to the Democratic People’s Republic of Korea (DPRK) have managed to steal an astonishing $3 billion worth of cryptocurrencies since 2017.
The primary modus operandi of these hackers involves compromising users’ private keys or seed phrases, transferring the stolen funds to DPRK-controlled wallets, and subsequently exchanging the assets for cryptocurrencies like Tether (USDT) or Tron.
This dynamic approach to money laundering enables them to stay one step ahead of international law enforcement efforts.
One of the most concerning aspects highlighted by TRM Labs is the constant evolution of the DPRK’s money laundering techniques. These tactics are designed to evade detection and pressure from international law enforcement agencies.
As cryptocurrency exchanges improve their cybersecurity measures and international cooperation intensifies to track and recover stolen funds, North Korean hackers have continued to adapt and innovate. This adaptability underscores business’s and governments’ need for ongoing vigilance and innovation.
U.S. Treasury Department sanctions and ongoing threat
In response to the persistent threat posed by North Korean hackers, the United States Treasury Department has imposed sanctions on individuals and hacking groups allegedly tied to North Korea, including the notorious Lazarus group.
Despite these sanctions, TRM Labs reports that the DPRK has been actively exploring alternative laundering methods following the Treasury Department’s sanctions against cryptocurrency mixers such as Tornado Cash and Sinbad.
Future challenges and the need for continued vigilance
TRM Labs concludes that the world should remain prepared for further disruptions caused by North Korea’s prolific cyber-theft activities. Their ability to adapt to changing circumstances and stay ahead of law enforcement underscores the gravity of the situation.
As the world moves into 2024, businesses and governments must remain vigilant and continue to enhance their cybersecurity measures to counter the ongoing threat posed by North Korean hackers.