A recent report has revealed that North Korean cryptocurrency hacking methods are becoming increasingly sophisticated each year.
The report particularly highlights that damages attributed to North Korean hackers account for 34% of all reported losses. When including unreported incidents, the figure is estimated to exceed 50%.
According to Radio Free Asia on August 14, the report, titled “A North Korea-Focused Investigation and Analysis of Cryptocurrency Hacking Incidents,” was published by Kloint, a South Korean company specializing in cryptocurrency tracking and analysis.
The frequency and scale of cryptocurrency thefts carried out by the North Korean hacker group Lazarus Group have been steadily increasing, the report pointed out.
Kloint’s research team analyzed 244 major hacking incidents that occurred between 2022 and June 17, 2024. These incidents were either linked to North Korea or involved amounts exceeding $1 million. The analysis also shed light on the recent activities of the Lazarus Group, providing detailed overviews and financial flow analyses of the incidents.
The report found that while North Korean-related hacks accounted for only 4.7% of the total number of incidents, the financial damage from these hacks represented about 34% of the total losses. The report further estimated that when considering unconfirmed cases, the actual percentage of losses attributed to North Korea could exceed 50%.
The report also identified two primary methods used by Lazarus Group in their attacks: “private key theft,” which involves stealing individuals’ passwords, and “social engineering attacks,” where victims are tricked into downloading files embedded with malware. These two techniques account for 63% of all hacking methods employed by the group.
Additionally, the report noted that Lazarus Group frequently uses cross-chain bridges and mixers, such as “Thorchain” and “Tornado Cash,” to obscure the origins of the stolen funds. In light of increased sanctions by the U.S. government, including the recent arrest of Tornado Cash co-founder Roman Storm, the report emphasized that Lazarus Group is seeking new money laundering routes. This includes increased use of the Railgun mixer and Southeast Asian currency exchange services.
The Railgun mixer allows users to transfer funds and interact with other decentralized finance projects without revealing detailed personal information.
BY YOUNGNAM KIM [kim.youngnam@koreadaily.com]
