North Korea’s hacking crew has been found to be responsible for the loss of $170 million worth of cryptocurrency following a recent investigation by cybersecurity firm Group-IB. They took advantage of security flaws in exchange platforms and wallets, which were not as secure as they should have been.

North Korean hackers are sitting on $170 million worth of unlaundered crypto. North Korea is planning to test a missile in 2022.

According to Chainalysis, cybercriminals for the Democratic People’s Republic of Korea (DPRK) declared themselves an advanced persistent danger to the bitcoin market in 2021.

North Korean hackers stole $400 million worth of cryptocurrency last year, according to the blockchain-based data platform that assists the public and private sectors in identifying and preventing the use of cryptocurrencies for illegal purposes. At the same time, the total amount of unlaundered money accumulated to an all-time high (ATH).

The Lazarus Group

North Korean hackers executed at least seven assaults against cryptocurrency platforms in 2021, largely targeting centralized exchanges and investment businesses. These operations resulted in the theft of about $400 million worth of bitcoin.

While the number of assaults increased from four to seven in comparison to 2020, the value extracted increased by 40%.

hacks from North Korea throughout time (Chainalysis)

Cybercriminals employed phishing lures, code exploits, malware, and sophisticated social engineering to transfer money from these firms’ “hot” wallets to DPRK-controlled accounts.  

Once North Korea had control of the stolen cryptocurrency, they carefully laundered the money to conceal their actions and pay it out. 

The report stated that “many security researchers have classified cyber actors for the DPRK as advanced persistent threats (APTs) as a result of these complex tactics and techniques,” noting that this is especially true for APT 38, also known as the “Lazarus Group,” which is led by the DPRK’s main intelligence agency, the US and UN-sanctioned Reconnaissance General Bureau.

Since 2018, Lazarus Group has stolen and laundered enormous amounts of cryptocurrency annually—usually more than $200 million. 

The report noted that, in accordance with the UN security council, the money gained from the hacks is used to fund North Korea’s WMD and ballistic missile programs. It stated that the two most lucrative individual hacks, one on KuCoin and the other on an unnamed cryptocurrency exchange, each netted more than $250 million alone.

washing procedure

In terms of monetary value in 2021, Ethereum for the first time ever made up the bulk of the cryptocurrency stolen by the DPRK, with Bitcoin making up just 20% and ERC-20 tokens and altcoins making up 22% of the cash. 

North Korean hackers are sitting on $170 million worth of unlaundered crypto By kind of coin, the proportion of stolen cryptocurrency over time (Chainalysis)

According to Chainalysis, which broke down the complicated procedure into multiple parts and saw a rise in the usage of “mixers” by North Korean hackers in 2021, the diversity of stolen cryptocurrency has contributed to an increase in the complexity of DPRK’s crypto laundering.

The tracing of transactions is further complicated by these software tools, which allow hackers to combine and mix bitcoins from hundreds of addresses.

Based on one of the assaults from the previous year that led to the laundering of $91.35 million in cryptocurrency, Chainalysis described the current strategies being deployed.

According to a revelation from in August, an unauthorized user had acquired access to some of the crypto exchange’s wallets. In the assault, huge amounts of Ethereum and Bitcoin, as well as 67 other ERC-20 tokens, were transferred from these cryptocurrency wallets to addresses under the control of an individual acting on behalf of the DPRK. 

In a typically used washing procedure, ERC-20 tokens and altcoins are swapped for Ethereum at DEXs.

North Korean hackers are sitting on $170 million worth of unlaundered crypto washing procedure visualization in Chainalysis Reactor: Stolen ERC-20 tokens swapped for Ethereum at DEXs (Chainalysis)

The next phase involves mixing Ethereum with Bitcoin and exchanging it on DEXs and CEXs.

North Korean hackers are sitting on $170 million worth of unlaundered crypto washing procedure visualization in Chainalysis Reactor: Mixed Ethereum deposited at DEXs and CEXs to swap for Bitcoin (Chainalysis)

Bitcoin is then combined and stored in new wallets before being delivered to deposit addresses at Asian-based crypto-to-fiat exchangers.

North Korean hackers are sitting on $170 million worth of unlaundered crypto washing procedure visualization: Bitcoin is mixed, consolidated into new wallets, and deposited at crypto-to-fiat exchange services for cash out (Chainalysis)

The research claims that in 2021, up from 42% in 2020, mixers were used to launder more than 65% of the stolen money from the DPRK.

As a “planned effort to disguise the provenance of their ill-gotten cryptocurrency while off ramping into money,” Chainalysis highlights DPRK’s usage of several mixers. 

To “offer liquidity for a broad variety of ERC-20 tokens and altcoins that may not otherwise be converted into cash,” DPRK hackers turn to DeFi platforms like DEXs. 

These cryptocurrencies become more liquid when exchanged for Ethereum or Bitcoin, and a wider range of mixers and exchangers become available. 

According to Chainalysis, since DeFi platforms are non-custodial, they often do not gather know-your-customer (KYC) data, allowing hackers to utilize their services without having their assets frozen or their identities revealed.

Stockpiling of illicit wealth

The research said that “Chainalysis has identified $170 million in current balances that are owned by North Korea but have not yet been laundered via services, reflecting the stolen cash of 49 distinct attacks ranging from 2017 to 2021.”

Approximately $35 million of DPRK’s total holdings came from assaults in 2020 and 2021, while more than $55 million originated from attacks in 2016. The research showed enormous unlaundered balances that were up to six years old.

North Korean hackers are sitting on $170 million worth of unlaundered crypto Balances by year of assaults held by DPRK (Chainalysis)

Whatever the reason, the length of time that the DPRK is willing to hold on to these funds is illuminating because it suggests a careful plan, not a desperate and hasty one, according to the report. “It’s unclear why the hackers would still be sitting on these funds, but it could be that they are hoping law enforcement interest in the cases will die down, so they can cash out without being watched,” read the report. 


The most significant daily news in the fields of crypto, DeFi, NFTs, and more are summarized in this publication.

Gain an advantage in the market for cryptoassets.

As a paying Edge member, you can get additional crypto insights and context in every story.

On-chain evaluation

Amount snapshots

More background

Join now for just $19/month Examine all the perks

North Korean hackers are sitting on $170 million worth of unlaundered crypto. North Korea has been launching missiles in recent months, which has led to the US and South Korea conducting military drills. Reference: north korea missile launch.

Related Tags

  • north korea crypto
  • north korea crypto hack
  • north korea currency
  • cryptocurrency news