The Democratic People’s Republic of Korea (DPRK) has been implicated in the substantial theft of cryptocurrency assets, amassing nearly $600 million in 2023 alone. This figure could escalate to $700 million pending confirmation of additional cyberattacks occurring in the final days of the year.
Comparative Analysis of Cyber Heists
Over the past two years, DPRK’s crypto heists have resulted in over $1.5 billion in losses, although 2023 saw a 30% decrease in such activities compared to the preceding year. In total, since 2017, North Korean cyber operatives have illicitly acquired $3 billion worth of digital currencies, marking their cyber operations as significantly more damaging than average cyberattacks.
Methods of Digital Asset Theft and Laundering
North Korean hackers carry out these thefts by compromising the private keys and seed phrases that serve as the primary security defenses of digital wallets. After the breach, they move the funds to wallets they control and trade them for stablecoins such as USDT or Tron. These assets are then converted into traditional currency through large-scale over-the-counter (OTC) brokers.
Their laundering tactics are constantly evolving to circumvent global law enforcement efforts. Initially, they employed mixing services like Tornado Cash and ChipMixer to mingle illicit proceeds with legitimate funds, thereby achieving anonymity.
More recently, the hackers have shifted to the BTC mixing service Sinbad, which the Office of Foreign Assets Control (OFAC) sanctioned in November 2023. They are considered highly dangerous and require constant monitoring, with more cyber threats possible in 2024.
The last two years have demonstrated North Korea’s proficiency in cyber theft, underlining the urgency for heightened cybersecurity measures across industries and governments. Given these threats, organizations are advised to reinforce their digital safeguards and ensure that security updates are applied regularly to all systems.