
New report highlights worrying trends in N. Korea’s illegal cyber activities

The Cybercrimes 2024 report published by Chainalysis, a blockchain data platform, has again highlighted some interesting trends concerning North Korean cyberattacks. The report has identified a substantial decrease in money laundering by North Korean hacking groups like Kimsuky and Lazarus. The hacked amount was almost USD 1 billion in 2023 as compared to USD 1.7 billion in 2022, a sharp decline in the total laundered amount. However, even though the amount of stolen funds has dropped, the number of attempted hacks reported has risen sharply to 20, five more than in 2022 and 11 more than in 2021.

For North Korea, Decentralized Finance (DeFi) protocols are an important source of funding; last year it was one of the important actors that drove an increase in illicit fund heists from DeFi hacking. However, this year, as stated in the report, DeFi hacks are no longer the leading method used to obtain illegal funds. The decrease appears to be due to the number of DeFi activities and DeFi operators getting “better at smart contract security,” the report said. In 2023, North Korea stole USD 428.8 million through DeFi protocols compared to USD 1.1 billion stolen in 2022.

Apart from DeFi protocols, “mixers” have been North Korea’s next most favored means to steal funds thanks to strong financial privacy rules in the international sphere. The Cybercrimes 2024 report shows that North Korea continues to use new mixer services for laundering funds. However, new mixers such as YoMix have replaced older ones like Sindbad after Sindbad was sanctioned by OFAC last year. In 2023, the use of mixers for transfers declined to USD 504.3 million from USD 1 billion in 2022, as stated in the report.

Earlier, Sindbad was the preferred mixer used by North Korean hackers. The Sindbad mixer was used to launder portions of USD 100 million, USD 620 million, and USD 100 million in different heists. Before that, two other mixer services, Tornado Cash and Blender.io, were sanctioned by OFAC. Blender.io and Tornado Cash were used by North Korea to launder USD 20.5 million and USD 100 million respectively.

Hackers diversify methods to move and launder money

Another tool used by North Korea to mount heists is “cross-chain bridges,” which are meant to transfer blockchain assets or cryptocurrency between blockchain networks. The report shows that cross-chain bridges were used more frequently by international hackers in the past year, with the illicit funds transferred through bridges increasing from USD 312.2 million in 2022 to USD 743.8 million in 2023. Evidence suggests that North Korean hackers were among those who utilized cross-chain bridges the most. The Cybercrimes 2024 report identified multiple uses of cross-chain bridge protocols to move funds associated with the 2022 Harmony hack. The funds were moved through different blockchains from Bitcoin to Avalanche, converted to stablecoins, and again moved from the Avalanche blockchain to the TRON blockchain.

Mixers and crypto bridges have continued to be a part of the North Korean strategy to launder illicit money, highlighting that the means to launder remain the same but the methods used may change. This shows two important things about how North Korean hackers function: 1) they are able to adapt quickly to changes; and 2) they are searching for new avenues to launder stolen money. The DPRK’s strategy is representative of the flexibility shown by state-affiliated hackers attempting to keep ahead of regulations and law enforcement.

The 2024 Cybercrimes report allows us to conclude that North Korea is trying to increase the success rate of cyberattacks by diversifying money laundering across different services, particularly as it faces more constraints from regulatory frameworks and intensifying efforts by law enforcement. That North Korean hackers continue to adapt and find new ways to circumvent stringent rules shows their desperation to collect funds, which then get funneled into the DPRK’s nuclear and ballistic missile weapons program. The globe’s increasing digitalization only raises more concerns about the risks posed by North Korean cybercrimes.

Edited by Robert Lauler.

March 12, 2024 at 08:00AM

by DailyNK(North Korean Media)
