The analysis firm says North Korea-related hacks jumped from four in 2020 to seven in 2021.
Blockchain analysis firm Chainalysis said in a new report that North Korea conducted at least seven attacks on cryptocurrency platforms that extracted nearly $400 million in digital assets last year, one of its most successful years ever.
“From 2020 to 2021, the number of North Korea-related hacks jumped from four to seven, and the value extracted from these hacks grew by 40 percent,” the report released Thursday said.
“Once North Korea obtained custody of the funds, they began a delicate laundering process to cover up and profit from the funds,” the report added.
A United Nations panel of experts monitoring North Korea sanctions has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programs as a way to get around the sanctions.
North Korea does not respond to media inquiries but has previously issued statements denying the hacking allegations.
Last year, the United States accused three North Korean computer programmers working for the country’s intelligence service of a massive, years-long hacking spree aimed at stealing more than $1.3 billion in cash and cryptocurrency, affecting businesses from banks to Hollywood movie studios.
Chainalysis did not specify all the targets of the hacks but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had gained access to some of the cryptocurrency wallets it manages.
The attackers used phishing lures, exploit code, malware, and advanced social engineering to siphon funds out of these organizations’ Internet-connected “hot” wallets into addresses controlled by North Korea, the report said.
Many of last year’s attacks were likely carried out by Lazarus Group, a hacking group under sanctions by the United States, which says the group is under the control of the General Bureau of Reconnaissance, North Korea’s main intelligence office.
The group has been accused of involvement in the WannaCry ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.
Chainalysis said North Korea appeared to be ramping up its efforts to launder stolen cryptocurrency, dramatically increasing its use of mixers, software tools that pool and scramble cryptocurrencies from thousands of addresses.
The report said researchers identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks stretching from 2017 to 2021.
The report said it is unclear why the hackers are still holding on to this money, but said they may be hoping to elude law enforcement attention before cashing out.
“Whatever the reason, the length of time (North Korea) is willing to keep this money is illuminating, because it indicates a careful plan, not a desperate and hasty plan,” the report said.