Hackers believed to be backed by the North Korean government have stolen an estimated $3 billion through attacks on the cryptocurrency industry over the past six years. Last year alone, Kimsuky, Andariel, Lazarus Group and other North Korean hacker groups were responsible for 44% of all cryptocurrency thefts worth $1.7 billion. This represents 5% of North Korea’s GDP or 45% of its military budget.
“Since 2017, North Korea has significantly increased its focus on the cryptocurrency industry, stealing approximately $3 billion worth of cryptocurrencies.”says a recent report from research firm Recorded Future’s Insikt Group. The targets of North Korean hackers include not only cryptocurrency exchanges, but also individual users, venture capital firms and other technology companies.
Researchers said North Korean cybercriminals began their activities by hacking the SWIFT banking data network and then turned their attention to cryptocurrencies during the 2017 boom, starting with the South Korean cryptocurrency market and then around the world.
Recorded Future claims that cryptocurrency theft is North Korea’s main source of income to fund military and weapons programs. Stolen cryptocurrencies are often converted into fiat resources (real money). North Korean criminals use a variety of techniques, including identity theft and altered photos, to evade anti-money laundering measures.
Recorded Future also reported that the personal information of victims of North Korean hackers could be used to create accounts in laundering stolen cryptocurrencies. Since most intrusions begin with social engineering and a phishing campaign, companies should train employees to monitor this activity and implement strong multi-factor authentication measures.
North Korea is believed to currently employ about 6,000 hackers, which the country uses for financial gain and intelligence gathering, the US Federal Bureau of Investigation reported earlier this year.