Hackers based in North Korea stole nearly $400 million (£292m) in cryptocurrencies last year, according to new research.
The hackers mainly targeted investment firms and centralised exchanges, using phishing lures, social engineering techniques and technical security exploits to steal funds from “hot” or internet-connected wallets, Chainalysis said.
Many of the attacks were probably carried out by the so-called Lazarus Group, also known as APT 38, which is believed to be controlled by North Korea’s Reconnaissance General Bureau, its primary intelligence agency, the analysts said.
But from 2018 onward, the group has focused on cryptocurrency thefts, typically stealing more than $200m a year, Chainalysis said.
An attack on KuCoin and another targeting an unnamed cryptocurrency exchange netted more than $250m each.
A United Nations panel that monitors sanctions on North Korea has accused the country of using stolen funds to support its nuclear and ballistic missile programmes and as a way of getting around international sanctions.
The number of attacks allegedly carried out by the country last year grew to seven, from four in 2020, with the value of the thefts growing by 40 percent.
More than half of the funds were in the Ether crypto-asset, at 58 percent, with 22 percent in various other coins and less than one-quarter in Bitcoin.
Chainalysis said it identified some $170m in current balances representing stolen funds from 49 separate hacks, some dating back to 2017, that are awaiting a currency-laundering process, with a further $55m dating from 2016.
The company said this suggests “a careful plan, not a desperate and hasty one”.
The country’s cryptocurrency attacks are “systematic and sophisticated”, it said.
In February of last year the US charged three North Korean programmers with hacks that stole more than $1.3bn in cash and cryptocurrency.
The attacks affected organisations ranging from banks to Hollywood movie studios, the Department of Justice said.
Also last year South Korea warned North Korean hackers had attempted to steal Covid-19 vaccine data from Pfizer.