The number of cryptocurrency hacks and attacks peaked in 2022. The biggest annual theft from web3 platforms was almost $3.8 billion, which occurred last year. Surprisingly, the National Intelligence Agency (NIS), the primary spy organization of South Korea, discovered that more than $1.2 billion of this illicit money were linked to hackers supported by North Korea.
Most recently, on March 13, a $200 million attack targeted the Euler Protocol. Hackers stole many tokens from the DeFi system by launching a flash loan attack. All told, the hackers got off with $8.8 million worth of DAI, $34.1 million worth of USDC, $18.9 million worth of WBTC, and 137.1 million in stETH.
Following the attack, the criminals started passing their stolen money through Tornado Cash, a mixing service. To hide the money trail, this was done. The US authorities recently approved Tornado Cash, a decentralized coin mixer, following concerns that North Korean hackers were using it to transfer stolen cryptocurrency cash.
A few days later, it was discovered that the criminals responsible for the Euler attack had transported $100 million worth of Ethereum to a location that had previously been suspected of having ties to North Korea. According to blockchain security company Chainalysis, “100 ETH stolen in Monday’s #Euler Finance attack were migrated to an address associated with a prior hack carried out by #NorthKorea-linked individuals. They did add, though, that this might be an attempt to sabotage any recovery operations. The Chainalysis tweet added,
This may mean the Euler hack is the work of #DPRK too, or could be misdirection by hackers.
Chainalysis
The $100 Harmony Bridge attack, which took place in June 2022, was carried out by North Korean hackers, according to confirmation from the FBI before the end of January this year. Hackers behind the exploit used RAILGUN to launder $63.4 million of the stolen funds on January 13, more than six months after the theft. For those who are unfamiliar, RAILGUN is a privacy protocol built on Ethereum that enables users to conceal the purpose of their cryptocurrency transactions and eliminate identifying information.
The FBI was able to track the payments despite their efforts to conceal the transactions. On-chain data show that the fraudulent payments were transferred to Binance and Huobi, two cryptocurrency exchanges. A short while afterward, Binance’s CEO and co-founder Changpeng Zhao stated that both exchanges had suspended and confiscated the laundered assets.
The Ronin Bridge attack from March 2022, however, is the biggest cryptocurrency hack associated with North Korea. The criminals responsible for this breach got away with 173,600 ETH, which was then valued at almost $600 million, and 25.5 million USDC.
A few weeks later, on April 14, the U.S. Treasury added an Ethereum wallet that had reportedly been used by the Lazarus Group, a well-known North Korean hacking group, to its list of Specially Designated Nationals and Blocked Persons (SDN). When the Ronin Bridge exploit was being utilized, this wallet address was used. 148,000 ETH were discovered in the wallet at the moment, perhaps through the exploit. The Ronin Bridge team also acknowledged that the wallet was connected to the exploit.
