North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis

North Korean crypto hackers siphoned off nearly $400 million in crypto through cyber attacks in 2021, according to new data from Chainalysis.

The type of crypto stolen has also seen a sea change, according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for nearly all the crypto stolen by the DPRK, but it now accounts for just one fifth:

“In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.”

The report stated that attacks in 2021 from North Korea (DPRK) primarily targeted “investment firms and centralized exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering” to maliciously acquire the funds.

Stolen cryptocurrency is believed to be used by the DPRK to evade economic sanctions and to help fund nuclear weapons and ballistic missile programs, according to a UN Security Council report.

The threat that the DPRK presents to global crypto platforms has become ever-present. Chainalysis now refers to hackers from the Hermit Kingdom, such as Lazarus Group, as advanced persistent threats (APT). These threats have been on the increase over the past three years, following the all-time high of over $500 million in crypto stolen in 2018.

Chainalysis reported that the funds were meticulously laundered. Methods range from chain hopping and the Peel Chain method to, more recently, a complicated system of coin swaps and mixing.




Mixers were used on over 65% of the funds stolen in 2021, which is a 3-fold increase since 2019. A mixer is a software-based privacy system that allows users to hide the source and destination of the coins they send. Decentralized exchanges (DEX) are increasingly preferred by hackers since they are permissionless and have ample liquidity for coins to be swapped at the user’s will.

Chainalysis used the Aug. 19, 2021 hack at Liquid.com, in which $91 million in crypto was stolen, as an example of the typical way in which DPRK hackers launder funds. They first swapped ERC-20 coins for Ether (ETH) at decentralized exchanges. Then the ETH was sent to a mixer and swapped for Bitcoin (BTC), which was also mixed. Finally, BTC was sent from the mixer to centralized Asian exchanges as a likely fiat off-ramp.
