Cybercrime groups supported by the North Korean regime have increasingly been focusing on crypto markets, for several obvious reasons. Lazarus APT, in particular, has been a very technically skilled and well-funded threat group involved in carrying out attacks on the crypto industry.
The attacks on crypto markets
According to Chainalysis, the number of North Korea-based crypto attacks has soared in the past year.
The attacks netted around $400 million in 2021, a whopping 40% increase compared with the previous year.
North Korea-supported attackers control $170 million in their crypto balances, collected from 49 attacks carried out between 2017 and 2021.
Attackers are using various methods, including phishing emails, malware, social engineering tricks, and code exploits, to target their victims, which are mostly investment firms and crypto exchanges.
The attackers transfer cryptocurrency from the hot wallets of these firms to other wallets controlled by the North Korean regime.
Notably, the infamous Lazarus group has been using its resources and infrastructure to target crypto markets.
Exploring the money laundering
The North Korean regime has developed a complex crypto-laundering operation targeting fiat-to-crypto exchanges or Asian exchanges trading crypto.
Before the money is cashed out, it is laundered using software known as mixers.
The mixers are used to hide the origins of their malicious cryptocurrencies while converting them into fiat currencies.
Stolen crypto funds are run through a DeFi platform to easily convert Ethereum or Bitcoin into cash.
North Korea-supported threat groups are increasingly putting effort and resources into targeting the crypto market. Moreover, they have developed a complex system in an attempt to hide the originating source or the traces of the stolen funds while converting them into fiat currency. This calls for strict rules and collective action at the global level to curb such threats looming over the cryptocurrency industry.