North Korean Hackers Continue To Threaten Crypto Ecosystem, Steal IDR 30 Trillion In 5 Years
JAKARTA - Hacking groups from North Korea continue to threaten the wider cryptocurrency ecosystem, having stolen around $2 billion (Rp30 trillion) in cryptocurrency over the past five years.
Blockchain intelligence firm TRM Labs released its latest in-depth analysis of the dark world of cryptocurrency-related hacking, focusing on exploits by North Korean cybercriminals. According to data from TRM Labs, North Korea has stolen about $200 million in cryptocurrency in 2023, accounting for 20% of the total funds stolen this year.
Cyberattacks from North Korea are estimated to be 10 times larger than attacks by other bad actors. Hackers from the country have also targeted the decentralized finance (DeFi) ecosystem, going after cross-chain bridges that continue to handle large amounts of cryptocurrency transfers.
Cross-chain attacks, such as the hack of Axie Infinity's Ronin Bridge, resulted in cryptocurrency theft worth US$650 million (Rp9.8 trillion), with North Korean hackers collectively stealing around US$800 million (Rp12 trillion) in three separate attacks in 2022 alone.
The methods used to launch cyberattacks vary, with phishing and supply chain attacks involving private keys and compromised seed phrases.
TRM Labs notes that North Korean hackers have become more sophisticated in their on-chain laundering methods. In the past, cryptocurrency exchanges were used to cash out stolen cryptocurrencies, but this has grown into a very complex "multiple-stage money laundering process."
Hackers have developed their methods in response to aggressive sanctions by the Office of Foreign Assets Control (OFAC), law enforcement operations, and better blockchain tracking tools. TRM Labs outlined North Korea's Atomic Wallet hack in 2023 as an example of the covert methods now used by hackers from sanctioned countries.
The incident occurred in June 2023, when hackers targeted non-custodial wallet provider Atomic Wallet and managed to take $100 million of cryptocurrency from 4,100 addresses. TRM Labs speculates that phishing or supply chain attacks likely made this exploit possible.
Hackers drained user wallets on various blockchains, including Ethereum, Tron, Bitcoin, XRP, Dogecoin, Stellar, and Litecoin, sending stolen funds to new wallets.
The ERC-20 and TRC-20 tokens were exchanged for Ether and Tron using decentralized exchanges before being laundered through automated programs, mixers, and cross-chain swaps.