Thieves stole a record $3.8 billion worth of cryptocurrency in 2022 as sanctions on North Korea drove a surge in suspected hacking by the isolated country.
Overall crypto losses increased from $3.3 billion stolen in 2021, the blockchain analysis firm Chainalysis said in a report published on Wednesday.
Hacking groups that US officials have linked to the North Korean government stole an estimated $1.7 billion in 2022, up from roughly $400 million the year before, according to the firm.
North Korean hackers have increased their focus on the cryptocurrency sector as a means to raise revenue in the face of international sanctions, according to US officials. Fraudsters have used a range of tactics, from posing as non-North Koreans in job interviews to deploying ransomware, in order to generate revenue, researchers have found.
Anne Neuberger, the US deputy national security adviser for cyber and emerging technology, said in July that money stolen via hacking makes up roughly one-third of the funding for Pyongyang’s weapons development programmes.
The US Federal Bureau of Investigation last week blamed two North Korean cybercrime groups for stealing $100 million in a heist in June last year at the Harmony Bridge crypto service.
The Lazarus Group, a specialised hacking unit that the FBI previously said is associated with North Korea’s Reconnaissance General Bureau, also stole roughly $600 million in March from a blockchain network connected to Axie Infinity, a video game in which players can earn digital tokens, US officials said.
Investigators later said they had recovered $30 million that was stolen in the Axie Infinity theft, in what Chainalysis said was the first-ever seizure of funds stolen by hackers with links to North Korea.
“While North Korea-linked hackers are undoubtedly sophisticated and represent a significant threat to the cryptocurrency ecosystem, law enforcement and national security agencies’ ability to fight back is growing,” Chainalysis wrote.
Following the Axie Infinity recovery, “we expect more such stories in the coming years, largely due to the transparency of the blockchain. When every transaction is recorded in a public ledger, it means that law enforcement always has a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time”.
The report found that suspected North Korean groups relied heavily on “mixing” services, which allow users to mask their transactions, to launder stolen cryptocurrency. The hackers almost exclusively used Tornado Cash to launder digital money until the US Treasury Department sanctioned the service in August.
Of all the cryptocurrency stolen last year, $3.1 billion was taken from decentralised finance, or DeFi, protocols, Chainalysis said. Attackers took advantage of hard-to-spot digital vulnerabilities in the DeFi infrastructure that undergirds crypto projects, with a particular focus on bridge services.
Of the $3.1 billion stolen from DeFi services, 64% came from cross-chain bridges, which allow users to convert one cryptocurrency to another, Chainalysis observed.