A United Nations report obtained by Reuters recently exposed North Korea’s Lazarus Group’s continuous cyber-spying efforts. The report reveals that the group channeled millions of dollars worth of stolen cryptocurrency back to North Korea last year through a crypto mixer, Tornado Cash.

In March 2023, the Lazarus Group committed a major breach. It illegally obtained $147.5 million worth of cryptocurrency from HTX, a crypto exchange owned by TRON founder Justin Sun. Subsequently, the group moved the stolen funds through Tornado Cash, facilitating their transfer to North Korea.

Cyberattacks against crypto companies 

The UN report further highlights the increasing frequency of cyberattacks on cryptocurrency firms attributed to North Korean hackers. According to monitors, there have been 97 suspected cyberattacks between 2017 and 2024, amounting to an estimated $3.6 billion in stolen funds. This information was disclosed in a report submitted to a United Nations Security Council (UNSC) sanctions committee.

The report also cites a New York Times article from February 6. This article revealed that Russia had released $9 million in frozen North Korean assets. It also permitted Pyongyang to open an account at a Russian bank in South Ossetia. This move helped improve North Korea’s access to international banking networks.

Along with other North Korean hackers, the Lazarus Group has consistently targeted the cryptocurrency and decentralized finance (DeFi) sectors, executing expensive hacks. Notably, Tornado Cash has emerged as their preferred tool for illegally moving stolen funds.

North Korea’s economy 

Despite facing sanctions from the United States in 2022, Tornado Cash continued to operate, accused of aiding North Korea. In 2023, two of its co-founders faced charges related to facilitating over $1 billion in money laundering, including for cybercrime groups associated with North Korea.

An earlier UNSC report revealed that North Korea received 50% of its foreign exchange earnings from cyberattacks. In 2023, they expanded their focus to include cryptocurrency platforms. DeFi became a major target, resulting in about $429 million in stolen funds.

Chainalysis, a blockchain analysis firm, reported a record high of 20 hacks in 2023. This occurred despite a decrease in the total amount stolen compared to 2022. North Korean hackers targeted centralized services, exchanges, and wallet providers, collecting significant sums of stolen crypto.

A spokesperson from Chainalysis noted that “North Korean hackers have demonstrated increasing sophistication in their targeting of cryptocurrency platforms.”

The UN report reveals the continuous challenges North Korea’s cyber activities pose within the cryptocurrency space. As regulatory bodies and law enforcement agencies increase efforts to fight cybercrime, using crypto mixers like Tornado Cash continues to present hurdles in tracking and recovering stolen funds.

“Curtailing the illicit activities of North Korean hackers necessitates close coordination among governments, regulatory bodies, and private sector stakeholders,” emphasized a cybersecurity expert.

The report highlights the importance of improving cybersecurity measures and implementing regulatory frameworks to reduce the risks associated with cryptocurrency-related cybercrime. Addressing these challenges as the cryptocurrency ecosystem evolves remains an important concern for stakeholders worldwide.

Also read: Grayscale CEO Michael Sonnenshein Resigns