North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis


Hackers from North Korea have almost doubled their thefts since 2019 by amassing $400 million in crypto via cyber attacks in 2021.


North Korean crypto hackers siphoned off almost $400 million in crypto through cyber attacks in 2021, according to new data from Chainalysis.

The kind of crypto stolen has also seen a sea change, according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for almost all the crypto stolen by the DPRK, but it now accounts for just one fifth:

“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.”

The report stated that attacks in 2021 from North Korea (DPRK) primarily targeted “investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering” to maliciously obtain the funds.

Stolen cryptocurrency is believed to be used by the DPRK to evade economic sanctions and to help fund nuclear weapons and ballistic missile programs, according to a UN Security Council report.

The threat that the DPRK presents to global crypto platforms has become ever-present. Chainalysis now refers to hackers from the Hermit Kingdom, such as Lazarus Group, as advanced persistent threats (APT). These threats have been on the increase over the past three years, following the all-time high of over $500 million in crypto stolen in 2018.

Chainalysis reported that the funds were meticulously laundered. Methods range from chain hopping to the ‘Peel Chain’ method, and more recently the hackers have employed a complex system of coin swaps and mixing.


Mixers were used on over 65% of the funds stolen in 2021, which is a 3-fold increase since 2019. A mixer is a software-based privacy system that allows users to hide the origin and destination of the coins they send. Decentralized exchanges (DEX) are increasingly preferred by hackers since they are permissionless and have ample liquidity for coins to be swapped at the user’s will.

Chainalysis used the Aug. 19, 2021 hack at Liquid.com, in which $91 million in crypto was stolen, as an example of the typical way in which DPRK hackers launder funds. They first swapped ERC-20 coins for Ether (ETH) at decentralized exchanges. Then the ETH was sent to a mixer and swapped for Bitcoin (BTC), which was also mixed. Finally, BTC was sent from the mixer to centralized Asian exchanges as a likely fiat off-ramp.
