The heist marked a 40 percent increase from 2020 when it stole about $300 million, according to Jonathan Levin, co-founder of Chainalysis, in a written testimony submitted to the Senate Committee on Banking, Housing and Urban affairs on Thursday in the US.
He said that the attacks targeted primarily investment firms and exchanges, deploying techniques such as phishing lures, code exploits and malware to siphon funds out from the organizations’ “hot” wallets and then move them into North Korea-controlled addresses.
“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” he said.
In the testimony, he noted that many of last year’s attacks were carried out by the Lazarus Group, a hacking group led by the North’s primary intelligence bureau, Reconnaissance General Bureau, which the US has imposed sanctions against.
The Lazarus Group, which was accused of orchestrating the notorious Sony Pictures hack in 2014 and WannaCry attack in 2017, in recent years has concentrated its efforts on digital asset crime — a strategy that has proven immensely profitable, it added.
“From 2018 on, the group has stolen and laundered massive sums of virtual currencies every year, typically in excess of $200 million,” it said.
The revenue generated from these hacks goes to support North Korea’s weapons of mass destruction and ballistic missile programs, the report said, citing the UN Security Council.
North Korea appears to be looking into digital money laundering to evade international sanctions on the regime, with the United Nations panel of experts monitoring sanctions on Pyongyang having said early this year that “cyberattacks, particularly on cryptocurrency assets, remain an important revenue source” for the regime.
The North Korean hackers targeted a diverse variety of cryptocurrencies, with ethereum accounting for 58 percent of the funds stolen, and bitcoin at 20 percent, whereas 22 percent were either ERC-20 tokens or altcoins, according to Chainalysis.
Levin identified that more than 65 percent of the North’s stolen funds were laundered through so-called mixers — “software tools that pool and scramble digital assets from thousands of addresses” — in an attempt to obscure the money’s origin.
By Ahn Sung-mi (firstname.lastname@example.org)