North Korea Behind $600M Crypto Heist in 2020, Reports TRM Labs

• North Korean Hackers Implicated in a Third of Crypto Crimes in 2023
• Drop in Cryptocurrency Crimes in 2023
• Unprecedented Speed and Scale of Attacks
• A Decrease in Hacks in 2023
• The Unique Threat of North Korean Attacks
• The Impact of the Ronin Exploit

North Korean Hackers Implicated in a Third of Crypto Crimes in 2023

In the last year, hackers related to North Korea were responsible for one third of all cryptocurrency crimes, pilfering an estimated $600 million, as per a report by TRM Labs. This haul increases the total amount North Korea has misappropriated from cryptocurrency projects to approximately $3 billion over the preceding six years, as revealed by the blockchain analytics firm on Friday.

Drop in Cryptocurrency Crimes in 2023

The report identified a fall in the overall figure of money stolen by about 30% compared to 2022, when North Korea-linked actors bagged around $850 million. A significant portion of this sum was linked to the Ronin Bridge exploit. During 2023, the majority of the stolen funds were misappropriated in the latter months of the year, with North Korea being implicated in thefts of about $200 million in August alone.

Unprecedented Speed and Scale of Attacks

The crypto ecosystem was under attack at an unprecedented speed and scale, with cyber controls often proving ineffective, said Ari Redbord, TRM's head of legal and government affairs. Numerous attacks involved social engineering, a technique that allows criminals to gain access to private keys for specific projects.

A Decrease in Hacks in 2023

The total amount stolen through hacks in 2023 was approximately half of what was taken in the previous year, $1.7 billion compared to $4 billion. The decrease was due to a combination of factors including fewer major hacks, such as the theft from Ronin in 2022, more successful law enforcement actions, improved cybersecurity controls, and to a smaller degree, the volatility of prices over the past year.

The Unique Threat of North Korean Attacks

The distinct characteristic of North Korean attacks is that the proceeds are used to fund the development of weapons of mass destruction, thus introducing national security concerns. Unlike traditional hackers, for whom monetary gain is the primary motivator, North Korean hackers focus on using the stolen funds for weapons proliferation and other destabilizing activities.

In a recent trilateral meeting about North Korea's WMD efforts, national security officials from the U.S., Republic of Korea, and Japan have expressed these concerns.

The Impact of the Ronin Exploit

The conversation about Ronin changed the narrative to one of national security, said Redbord. It marked the first instance of the U.S. Treasury designating North Korean-related addresses, the original destinations of the stolen funds, followed by the next two addresses. This instigated the Tornado Cash sanctions, leading to further actions against Blender.io and Sinbad. As such, the whole-of-government approach was employed to tackle this issue.

Edited by Jonathan Stoker