“From 2020 to 2021, the number of North Korea-related hacks jumped four to seven, and the value extracted from these hacks increased by 40 percent,” the report released Thursday said.
“Once North Korea obtained custody of the funds, it began a thorough laundering process to cover and collect,” the report added.
A United Nations group of experts charged with monitoring sanctions against North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic programs to circumvent sanctions.
North Korea is not responding to media inquiries, but has already issued statements denying the hacking allegations.
Last year, the United States indicted three North Korean computer programmers working for the country’s intelligence services for a massive, years-long hack to steal more than $1.3 billion in cash and hardware. cryptocurrencies, affecting businesses ranging from banks to Hollywood movie studios.
Chainalysis did not identify all of the targets of the hacks, but said they were primarily investment firms and centralized exchanges, including Liquid.com, which announced in August that an unauthorized user had had access to some of the cryptocurrency wallets it manages.
The attackers used phishing lures, code exploits, malware and advanced social engineering to siphon funds from these organizations’ Internet-connected “hot” wallets to addresses controlled by North Korea, according to the report.
Many of last year’s attacks were likely carried out by the Lazarus Group, a US-sanctioned hacker group that claims to be controlled by the Reconnaissance General Bureau, North Korea’s main intelligence office. .
The group has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyberattacks on Sony Pictures Entertainment.
North Korea also appeared to be stepping up its efforts to launder stolen cryptocurrencies, significantly increasing its use of mixers, or software tools that pool and scramble cryptocurrencies from thousands of addresses, according to Chainalysis.
The report states that researchers have identified $170 million in old, unbleached cryptocurrency from 49 separate hacks spanning from 2017 to 2021.
The report says it’s unclear why the hackers are keeping these funds, but they might be hoping to thwart law enforcement interests before cashing out.
“Whatever the reason, the length of time (North Korea) is willing to hold these funds is illuminating because it suggests a prudent plan, not a desperate, hasty plan,” Chainalysis concludes.