TRM Labs has reported that North Korean hackers stole $600 million in cryptocurrencies in 2023, with the potential for the number to rise to $700 million pending confirmation of additional hacks from last year. This makes the Democratic People’s Republic of Korea (DPRK) a major perpetrator of crypto thefts, responsible for nearly one-third of all stolen funds in the past year. However, this is a decrease from their $850 million loot in 2022. Notably, hacks linked to North Korea were found to be ten times more destructive than others. TRM also discovered that since 2017, threat actors affiliated with Pyongyang have stolen almost $3 billion in cryptocurrencies.
The primary targets of these North Korean hackers are digital wallets, where they access private keys and seed phrases, which are crucial for wallet security. They then divert the victims’ assets to addresses under North Korean control. These assets are primarily converted to USDT or Tron and later turned into hard currency through high-volume over-the-counter (OTC) brokers. In the past two years, DPRK hackers have reportedly stolen around $1.5 billion.
Last month, officials from the U.S., South Korea, and Japan met to discuss North Korea’s cryptocurrency thefts in the context of its nuclear and ballistic missile programs. The White House stated that the National Security Advisors discussed ongoing initiatives, including consultations on regional crises, sharing ballistic missile defense data, and countering DPRK’s use of cryptocurrency for its unlawful weapons of mass destruction (WMD) programs.
In 2022, North Korean hackers targeted cryptocurrency experts with counterfeit job offers from Coinbase as part of their larger cybercrime strategy. Last year, the founders of Tornado Cash were indicted for laundering over $1 billion, including funds for the Lazarus Group, a sanctioned North Korean state-backed hacking group. U.S. Attorney General Merrick B. Garland also highlighted the scheme’s intent to aid criminals in laundering and concealing funds using cryptocurrency, including laundering hundreds of millions for the North Korean cybercrime group sanctioned by the U.S. government.