Analysts say that North Korea stole about $400 million worth of cryptocurrency through hacking last year, led by the North Korean hacking group known as the Lazarus Group.
According to a report released on the 13th (local time) by the U.S. blockchain analysis company Chainalysis, North Korea stole cryptocurrency worth $395 million through hacking last year.
The attacks were mainly concentrated on investment companies and exchanges, and virtual assets were siphoned off using phishing, malicious code, and malicious software and stored in a wallet operated by North Korea, the report said.
Chainalysis believes that North Korea’s Lazarus Group led the effort. Lazarus is known as a group linked to the North Korean military's Reconnaissance General Bureau and is included on the U.S. and U.N. sanctions lists.
The organization became known to the international community in 2014 after allegations arose that it had hacked Sony Pictures in the U.S. It is also suspected of being behind the hacking of Bangladesh’s central bank in 2016, the distribution of the “WannaCry” ransomware in 2017, and the 2019 attack on cash machines (ATMs) in India.
In particular, the report focuses on changes in North Korea’s hacking patterns, in which money laundering is becoming more sophisticated.
In fact, Bitcoin accounted for 20% of the cryptocurrency hacked by North Korea last year, down to a fifth from 100% in 2017. Ethereum had the highest share at 58%, while altcoins and Ethereum-based ERC-20 tokens accounted for the remaining 22%.
The report's analysis is that North Korea exchanges altcoins and ERC-20 tokens for Ethereum on exchanges, mixes them with Ethereum, converts them into Bitcoin, launders them with existing Bitcoin, stores them in a new wallet, and transfers them to an Asia-based cryptocurrency exchange to cash out.
In particular, the report said North Korea is using the “DeFi platform”: “DeFi does not collect user information, so it is possible to use more diverse exchanges without exposing congestion without the risk of asset freezing.”
In addition, it has been confirmed that North Korea holds much of the hacked cryptocurrency without cashing it out.
North Korea has not laundered $170 million worth of cryptocurrency, the report said. “This means that North Korean hackers do not always launder hacked cryptocurrencies immediately.”
The reason is not clear, but it may be to cash out more easily once interest in the hacking has subsided, he said. “As a result, it means that North Korea is not desperate or in a hurry to cash in virtual assets, and is making careful plans.”