Hackers associated with North Korea participated in one-third of all cryptocurrency thefts and breaches in the previous year, accumulating approximately $600 million, as stated by a study from TRM Labs. Over the last six years, the total amount acquired from cryptocurrency ventures by the Democratic People’s Republic of Korea (DPRK) has neared $3 billion, as reported by the blockchain analysis company on Friday.
Even so, the amount is approximately 30% lower than in 2022, according to Ari Redbord, TRM’s head of legal and government affairs. In that year, actors linked to the DPRK absconded with about $850 million, with a significant portion stemming from the Ronin Bridge breach, as Redbord mentioned in a conversation. In 2023, the majority of the purloined funds occurred in the latter months; TRM ascribed roughly $200 million of the stolen funds to North Korea in August 2023.
“They’re clearly attacking the crypto ecosystem at a really unprecedented speed and scale and continue to take advantage of sort of weak cyber controls.”
Ari Redbord, TRM’s head of legal and government affairs
Moreover, Redbord noted that numerous attacks still employ methods known as social engineering, enabling attackers to obtain private keys to access projects. In total, the funds stolen in 2023 through hacks amounted to about half of what was taken in the previous year, with $1.7 billion compared to $4 billion. He pointed out that the decrease can be attributed to several reasons: a reduction in significant incidents like the Ronin theft in 2022, more effective law enforcement interventions, improved cybersecurity measures, and, to some degree, the fluctuation in prices over the year.
What distinguishes North Korean attacks is that the proceeds are funneled into developing weapons of mass destruction, thereby elevating national security risks. Redbord highlighted the unique nature of North Korean hackers, emphasizing that their motivations extend beyond mere greed or financial gain. Instead, they are focused on diverting these funds for weapons proliferation and other destabilizing activities, posing a global threat. This distinct purpose underlines the importance of addressing these threats from a national security standpoint.
In a recent trilateral meeting about North Korea’s WMD pursuits, national security officials from the U.S., the Republic of Korea, and Japan have openly expressed their concerns. Redbord remarked that the Ronin incident marked a pivotal shift in framing the issue as one of national security. He pointed out that it was the first instance where the U.S. Treasury identified and designated North Korean-related addresses involved in the theft, tracing the initial and subsequent transfers of stolen funds. This action set the precedent for subsequent sanctions against platforms like Tornado Cash, Blender.io, and now Sinbad, exemplifying a comprehensive government strategy to tackle the problem.
