North Korean hackers stole $400 million in 2021, mostly ETH: Chainalysis

North Korean crypto hackers stole nearly $400 million in cryptocurrency through cyberattacks in 2021, according to new data from Chainalysis.

The types of cryptocurrency stolen have also changed dramatically, according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for almost all cryptocurrency stolen by North Korea, but now it accounts for only one-fifth:

“In 2021, only 20% of stolen funds were in Bitcoin, while 22% were in ERC-20 tokens or altcoins. For the first time ever, ether accounts for the majority of stolen funds at 58%.”

The 2021 attacks from North Korea (DPRK) primarily targeted “investment firms and centralized exchanges, and use phishing lures, code vulnerabilities, malware, and advanced social engineering” to maliciously obtain funds, the report said.

Stolen cryptocurrency is thought to be used by North Korea to evade economic sanctions and help fund nuclear weapons and ballistic missile programs, according to a United Nations Security Council report.

The threat North Korea poses to global cryptocurrency platforms has become ubiquitous. Chainalysis now refers to hackers from the hermit kingdom, such as the Lazarus Group, as an Advanced Persistent Threat (APT). After an all-time high of more than $500 million in cryptocurrency theft in 2018, these threats have been increasing over the past three years.

The funds were carefully laundered, Chainalysis reported. Methods employed by hackers recently include chain hopping, the ‘peel chain’ method, and a complex system of coin swapping and mixing.

In 2021, more than 65% of stolen funds went through mixers, a threefold increase since 2019. A coin mixer is a software-based privacy system that allows users to hide the origin and destination of the coins they send. Decentralized exchanges (DEXs) are increasingly favored by hackers because they are permissionless and have sufficient liquidity to exchange coins at the user’s will.

Chainalysis used the August 19, 2021 hack at Liquid.com, in which $91 million in cryptocurrency was stolen, as an example of a typical way North Korean hackers launder money. They first exchanged ERC-20 tokens for ether (ETH) on decentralized exchanges. The ETH was then sent to a mixer and exchanged for Bitcoin (BTC), which was also mixed. Finally, the BTC was sent from the mixer to a centralized Asian exchange as a possible fiat off-ramp.