More Than Half of Global Virtual Asset Hacks Attributed to North Korea
Infiltration and Laundering Methods Becoming Increasingly Sophisticated
More than half of the losses caused by hacking in the global virtual asset market this year have been attributed to North Korea, according to recent analysis. North Korea is reportedly using virtual asset hacking as a national-level strategic tool, rapidly evolving both its attack methods and money laundering structures.
Yonhap News reported on December 20, citing a report released by blockchain security and analytics firm TRM Labs on December 18, that North Korea has systematically conducted virtual asset hacking for years to develop weapons and secure foreign currency.
Earlier, on December 18, U.S.-headquartered blockchain analytics company Chainalysis also reported that the total amount stolen from the global cryptocurrency industry this year reached 3.4 billion dollars (approximately 5.1 trillion won). North Korean hackers accounted for 59% of the total stolen amount and 76% of the total service breaches, excluding individual wallet breaches.
The report particularly noted that, this year, the targets of attacks shifted from small decentralized finance (DeFi) services to large centralized exchanges (CEX), with a marked trend of stealing large sums in a single breach.
A representative case is the hacking of the global virtual asset exchange Bybit in February. In this incident, the North Korean hacking group Lazarus is suspected of having stolen approximately 1.5 billion dollars (about 2.21 trillion won) in virtual assets through a single attack.
The infiltration techniques have also become more sophisticated. North Korean hackers now target developers and IT personnel with fake job offers or investment opportunities, deliver malicious files, take control of development environments, and ultimately gain access to exchanges' asset management systems. This is known as the "Code to Custody" attack structure.
The methods for handling stolen funds have also changed. As sanctions have blocked the use of mixing services, North Korea is now actively utilizing the so-called "Chinese laundromat," a Chinese underground financial network. After dispersing virtual assets across multiple blockchains, the hackers cash out through Chinese-speaking over-the-counter brokers and underground banking networks, a process typically completed within about a month and a half.
Chris Wong, an investigator at TRM Labs and a former agent of the United States Federal Bureau of Investigation (FBI), emphasized, "North Korea's hacking operations are highly specialized and driven by strategic objectives," adding that it is difficult to counter such threats without real-time intelligence gathering, innovative networks, and cross-border cooperation.
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.


