- North Korean hacking groups have been laundering crypto assets through the help of Russian crypto exchanges.
- Sanction monitors have linked the alliance as a move to secure funds for nuclear weapons and nuclear fission materials.
A recent report by Chainalysis has revealed that cyber-hacking groups linked to the Democratic People’s Republic of Korea (DPRK) have been using Russian crypto exchanges to launder crypto assets.
The report comes as independent sanctions monitors are raising alarms over North Korea’s continued development of nuclear weapons despite long-term sanctions from the United Nations.
“After a record-breaking level of cyber thefts in 2022, estimated at $1.7 billion, DPRK (North Korean) hackers reportedly continued to successfully target cyber cryptocurrency and other financial exchanges globally,” independent sanctions monitors wrote to the UN in a recent unpublished report obtained by Reuters.
The sanction monitors have several times—in the past—accused North Korea of employing cyber attacks to obtain crypto assets to fund its nuclear and missile operations. However, DPRK has denied all allegations of cyberattacks and employing hackers.
Chainalysis Report
In June 2022, Chainalysis report alleged that the Harmony Hack had similar patterns attributed to DPRK hackers. The event had an attack vector & high velocity of structured payments to a mixer—a strategy that had been flagged in other North Korean-related hackings.
The blockchain analytics firm has produced new data showing that the $21.9 million was recently transferred to a Russia-based exchange known for processing illicit transactions. Furthermore, Chainalysis has confirmed that, since 2021, DPRK entities have been using Russian services—including this exchange—for money laundering.
The Chainalysis reactor, presented in the report, shows that North Korean hacking groups funnel funds to mainstream exchanges through an intermediary wallet, while also moving some of the stolen funds to Russian exchanges.
The findings confirm the ongoing alliance between North Korea and Russia, a relationship that has posed a challenge for global sanction authorities. In the event of a cyberattack, mainstream exchanges can be relied on to cooperate with the authorities, but Russian exchanges and law enforcement are notorious for non-compliance.
Are North Korean Hackers Less Active in 2023?
North Korean hackers, led by the notorious Lazarus Group, broke their record for cyber theft in 2022, with a total sum of $1.7 billion amassed from DeFi protocols and other crypto mixers; from the previous year with export of $124 million worth of assets.
The groups almost exclusively targeted Tornado Cash, a mixer, due to its anonymity attributes that made it difficult to trace before moving to Sinbad, a Bitcoin mixer after Tornado Cash received sanctions.
According to Chainalysis, the value of stolen crypto attributed to DPRK this year totals around $340.4 million—a far stretch from the $1.7 billion in 2022. However, rather than being less prolific, the figures from last year might have set an impassible benchmark for the hacking groups to surpass.
The combined efforts from crypto companies and cooperation from international bodies and countries in countering crypto-related attacks have also helped maintain the security of global financial systems.
