Even as major crypto hacking incidents declined this year, North Korea remained a powerful actor in cybercrime.
According to a new report by the blockchain security platform Immunefi, the North Korea-linked hacker group Lazarus was responsible for over $300 million in losses across crypto hacking incidents in 2023, representing 17.6% of the year’s total losses.
The Lazarus Group has been responsible for some of the largest cyber attacks over the past decade, especially within the burgeoning crypto industry. First gaining notoriety after its cyberattack on Sony Pictures in 2014, Lazarus began targeting crypto protocols, stealing billions of dollars, including $600 million from the March 2022 hack of the Ronin Network, a bridge used by the popular Web3 game Axie Infinity.
While the exact composition of the Lazarus Group remains unknown, two North Korean defectors told Al Jazeera in 2011 that education begins at institutions both within and outside North Korea, with some hackers working abroad from China or Russia. In 2023, an investigation by the Wall Street Journal found that digital heists by North Korean hackers have netted more than $3 billion, which is being used to fund about 50% of the country’s ballistic missile program.
According to Immunefi, some $1.9 billion has been filched from crypto projects from 2021 to 2023, with the Ronin Network representing the largest exploit. Lazarus launched five successful attacks in 2023, including a $70 million theft from the Hong Kong-based crypto exchange CoinEx in September. At the time, the blockchain analytics firm Elliptic found that some of the funds stolen from CoinEx were sent to a crypto wallet address previously used by Lazarus to launder funds.
Despite the eye-popping numbers, 2023 has been a relatively slow year for crypto exploits. According to a new report from the blockchain analytics firm TRM Labs, the amount of money stolen in hacks fell by over 50% this year, while the number of attacks remained relatively stable.
While part of this decline can be attributed to a growing emphasis on cybersecurity within the crypto industry, as well as the increased focus of law enforcement agencies, a decrease in crypto prices perhaps also presented fewer lucrative opportunities.
But the Lazarus Group remains a serious threat. According to Immunefi, the group’s strategy shifted in 2023, with hackers focusing on centralized finance, or CeFi, platforms like CoinEx, rather than decentralized protocols. Other incidents targeted users of the non-custodial crypto wallet Atomic and the online casino and betting platform Stake.com.
Along with tracing stolen funds, law enforcement officials have also sought to cut off access to so-called crypto mixers, which allow users to combine and distribute cryptocurrency, making it harder to track. The Treasury Department sanctioned the popular mixing service Tornado Cash in August 2022, with the Department of Justice indicting two of its founders for money laundering in September 2023. The Treasury Department sanctioned another mixer popular with Lazarus Group, Sinbad.io, in November.
With crypto exploits continuing, Treasury is seeking to expand its supervisory powers over the sector. Deputy Secretary Wally Adeyemo presented a proposal at a crypto industry policy summit in late November that would require higher “know-your-customer” standards for decentralized platforms like mixers and wallet providers.