North Korean hacker organization steals 3 billion dollars in Crypto Assets in six years

Recently, a cybersecurity report revealed a shocking fact: over the past 6 years, a hacker organization associated with North Korea has successfully stolen $3 billion worth of Crypto Assets.

The organization known as the Lazarus Group looted $1.7 billion in Crypto Assets in 2022 alone, and this money is likely being used to support various programs in North Korea. According to data from a blockchain analytics company, about $1.1 billion was stolen from decentralized finance ( DeFi ) platforms. The U.S. Department of Homeland Security also specifically highlighted Lazarus's exploitation of DeFi protocols in a report last September.

The Lazarus Group is known for its fund theft. In 2016, they hacked into the Central Bank of Bangladesh and stole $81 million. In 2018, they attacked a Japanese crypto assets exchange and stole $530 million, and the same year, they also stole $390 million from the Central Bank of Malaysia.

Since 2017, North Korea has targeted the Crypto Assets industry as a primary objective for cyber attacks. Prior to this, they hijacked the SWIFT network to steal funds from financial institutions, drawing significant attention from the international community and prompting financial institutions to strengthen their cybersecurity defenses.

As Crypto Assets began to go mainstream in 2017, North Korean hackers shifted their focus from traditional finance to this emerging form of digital finance. They initially targeted the South Korean crypto market and then expanded their influence globally.

In 2022, North Korean hackers were accused of stealing approximately $1.7 billion in Crypto Assets, which is equivalent to about 5% of North Korea's domestic economic scale or 45% of its military budget. This figure is nearly 10 times North Korea's export volume in 2021.

North Korean hackers operate in the crypto industry similarly to traditional cybercriminals, but with state support, they can conduct large-scale operations. Data shows that in 2022, about 44% of stolen crypto assets were related to North Korean hackers.

The targets of these hackers are not limited to exchanges, but also include individual users, venture capital firms, and other technologies and protocols. All institutions and individuals in the industry may become potential targets.

Traditional financial institutions should also closely monitor the activities of North Korean Hacker organizations. Once stolen Crypto Assets are converted into fiat currency, they will be transferred between different accounts to cover their origin. Stolen identities and altered photos are often used to bypass AML/KYC verification.

Since most intrusions begin with social engineering and phishing activities, organizations should train employees to monitor such activities and implement strong multi-factor authentication.

North Korea will continue to see the theft of Crypto Assets as a major source of income to fund its military and weapons programs. In recent years, both the amount of stolen Crypto Assets and the number of missile launches have significantly increased. Without stricter regulations, cybersecurity requirements, and investments, North Korea will almost certainly continue to use the Crypto Assets industry as an additional source of income.

To prevent cyber attacks from North Korea, it is recommended to take the following measures:

• Enable Multi-Factor Authentication
• Use hardware wallet
• Verify the authenticity of social media accounts
• Be cautious with airdrops and free promotional activities
• Carefully check the URL and redirection
• Only use trusted decentralized applications
• Verify smart contract address
• Be skeptical of offers that seem too good to be true.

By taking these precautions, the risk of becoming a victim of cyber attacks can be greatly reduced.