
North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis

North Korean hackers siphoned nearly $400 million worth of cryptocurrency through cyberattacks in 2021, according to new data from Chainalysis.

The type of stolen crypto has also undergone a sea change, according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for nearly all of the cryptocurrency stolen by the DPRK, but now it accounts for only a fifth:

“In 2021, only 20% of stolen funds were Bitcoin, while 22% were ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for the majority of stolen funds at 58%.”

The report stated that attacks in 2021 from North Korea (DPRK) primarily targeted "investment firms and centralized exchanges, and used phishing lures, code vulnerabilities, malware, and advanced social engineering" to maliciously acquire the funds.

The stolen cryptocurrency is believed to be used by the DPRK to evade economic sanctions and to help finance its nuclear weapons and ballistic missile programs, according to a United Nations Security Council report.

The threat posed by the DPRK to global crypto platforms has become omnipresent. Chainalysis now refers to the Hermit Kingdom's hackers, such as the Lazarus Group, as advanced persistent threats (APTs). These threats have been on the rise for the past three years, following the all-time high of over $500 million in stolen crypto in 2018.

Chainalysis reported that the funds were meticulously laundered. The methods range from chain hopping and peel chains to, more recently, a complicated system of swapping and mixing currencies.

Related: LCX Loses $6.8 Million in Hot Wallet Compromise on Ethereum Blockchain

Mixers were used for over 65% of stolen funds in 2021, a threefold increase from 2019. A mixer is a software-based privacy system that allows users to hide the origin and destination of the coins they send. Decentralized exchanges (DEXs) are increasingly preferred by hackers because they are permissionless and have ample liquidity to trade coins at will.

Chainalysis used the August 19, 2021 hack at Liquid.com in which $91 million in cryptocurrency was stolen as an example of the typical way hackers from the DPRK launder funds. They first traded ERC-20 coins for Ether (ETH) on decentralized exchanges. The ETH was then sent to a mixer and exchanged for Bitcoin (BTC), which was also mixed. Ultimately, BTC was sent from the mixer to centralized Asian exchanges as a potential fiat off-ramp.
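The laundering path described above (DEX swap, mixer, chain hop to BTC, second mixer, peel chain into centralized exchanges) can be followed on a transaction graph with a simple follow-the-money walk. The script below is an added example and is not Chainalysis code or data: the address labels and transfer records are constructed and hypothetical, and the links across each mixer (which a mixer exists to break) are an analyst attribution assumed for the example, not something the chain itself proves.

```python
"""Added example: trace a DEX -> mixer -> bridge -> mixer -> peel-chain
laundering pattern over a constructed ledger. Hypothetical data throughout."""

# Constructed address labels (hypothetical names, not real addresses).
# Unlabelled addresses (a1, b1..b5) are hop wallets the analyst has
# attributed to the attacker: an assumption of the example.
LABELS = {
    "victim": "victim_hot_wallet",
    "dex1": "dex",
    "mix_eth": "mixer",
    "bridge": "bridge",    # the ETH -> BTC chain hop
    "mix_btc": "mixer",
    "cex_a": "cex",
    "cex_b": "cex",
}

# Constructed transfers in time order: (sender, receiver, asset, amount).
TRANSFERS = [
    ("victim", "dex1", "ERC20_X", 5000.0),   # swap stolen altcoins ...
    ("dex1", "victim", "ETH", 100.0),        # ... for ETH on a DEX
    ("victim", "mix_eth", "ETH", 100.0),     # ETH into a mixer
    ("mix_eth", "a1", "ETH", 99.0),          # mixer output (analyst attribution)
    ("a1", "bridge", "ETH", 99.0),           # chain hop ETH -> BTC
    ("bridge", "b1", "BTC", 3.0),
    ("b1", "mix_btc", "BTC", 3.0),           # BTC mixed again
    ("mix_btc", "b2", "BTC", 2.97),
    ("b2", "cex_a", "BTC", 0.20),            # peel chain: small slice to an exchange,
    ("b2", "b3", "BTC", 2.77),               # remainder forwarded to a fresh wallet
    ("b3", "cex_b", "BTC", 0.25),
    ("b3", "b4", "BTC", 2.52),
    ("b4", "cex_a", "BTC", 0.30),
    ("b4", "b5", "BTC", 2.22),
]


def trace_funds(transfers, start, labels):
    """Follow-the-money walk. At an unlabelled wallet, follow the largest
    outgoing transfer of the asset that arrived (the trunk of a peel chain).
    At a labelled service (DEX, mixer, bridge) the asset may change, so take
    the first outgoing transfer after arrival, which models the analyst's
    attribution of that service's output. The time index only moves forward,
    so the walk always terminates."""
    path, current, t, asset = [start], start, -1, None
    while True:
        cands = [(i, tr) for i, tr in enumerate(transfers) if i > t and tr[0] == current]
        at_wallet = current not in labels and asset is not None
        if at_wallet:
            cands = [(i, tr) for i, tr in cands if tr[2] == asset]
        if not cands:
            return path
        t, tr = max(cands, key=lambda c: c[1][3]) if at_wallet else cands[0]
        current, asset = tr[1], tr[2]
        path.append(current)


def service_sequence(path, labels):
    """Categories of the labelled services the trunk passes through, in order."""
    return [labels[a] for a in path[1:] if a in labels and a != path[0]]


def peel_outputs(transfers, path, labels):
    """Side outputs of trunk wallets: the slices peeled off at each hop,
    tagged with the label of their destination."""
    trunk = set(zip(path, path[1:]))
    return [(s, r, labels.get(r, "unknown"), amt)
            for s, r, _, amt in transfers
            if s in path and s not in labels and (s, r) not in trunk]


def laundering_summary(transfers, start, labels):
    """One-shot summary an investigator would want: hop count, services used,
    number of mixer passes, and how much reached exchange deposit addresses."""
    path = trace_funds(transfers, start, labels)
    services = service_sequence(path, labels)
    peels = peel_outputs(transfers, path, labels)
    return {
        "hops": len(path) - 1,
        "services": services,
        "mixer_hops": services.count("mixer"),
        "peeled_to_cex": round(sum(a for _, _, cat, a in peels if cat == "cex"), 8),
        "cex_offramps": sorted({r for _, r, cat, _ in peels if cat == "cex"}),
    }


if __name__ == "__main__":
    print(laundering_summary(TRANSFERS, "victim", LABELS))
```

The two walking rules are the point of the example: at attacker-controlled wallets the largest same-asset output is the trunk and the small side outputs are the peels, while at a DEX, mixer or bridge the asset changes and the analyst has to supply the link to the service's output. The exchange deposit addresses collected in `cex_offramps` are where a defender can act, since a centralized exchange is the fiat off-ramp the article identifies.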