North Korean hackers stole less in 2023 despite more breaches — Chainalysis


Hacking groups linked to the Democratic People’s Republic of Korea (DPRK) stole less crypto despite ramping up their efforts and diversifying their targets in 2023, according to the latest report released by blockchain analytics firm Chainalysis.

In 2022, crypto lost to North Korea-linked exploits reached $1.7 billion across 15 hacking incidents. In 2023, Chainalysis estimated that the hacking groups stole about $1 billion worth of crypto from 20 hacks. Despite carrying out more exploits, the hackers could not surpass the value of their illicit gains from the previous year.

Total value of assets stolen by hackers linked to North Korea. Source: Chainalysis 

Erin Plante, the vice president of investigations at Chainalysis, expects that hacks linked to North Korea will continue to become more sophisticated and diverse. With their ill-gotten gains from decentralized finance (DeFi) protocols shrinking due to security improvements, Plante explained, North Korean hackers diversified and targeted centralized services and wallets.

Types of crypto services affected by North Korean hacks. Source: Chainalysis 

The executive further noted that in 2023, DPRK-linked hackers preferred phishing and social engineering. Plante described these attack vectors as “age-old” hacking tactics that can be prevented through employee education and awareness. Plante said: 

“General security practices are an important foundation for a strong cybersecurity strategy, and organizations should ensure that every employee is vigilant and up to speed with the technical aspect of cyber defenses.”

Plante also shared that they’ve noticed a pattern regarding DPRK-linked attacks. The executive said that the hackers tend to spend more time in the networks, highlighting the need for increased network monitoring and security. 


According to Plante, DeFi protocols that might be vulnerable to on-chain failures should employ systems that monitor on-chain activities. On the other hand, platforms vulnerable to off-chain risks must reduce their reliance on centralized products and services. 

Overall, the executive expects North Korean hackers to continue looking for opportunities to steal significant funds wherever they can. “Their ability to rapidly evolve, as doors are closed to them, continues to make them an advanced foe.”
