A confidential United Nations report obtained by Reuters sheds light on the concerning activities of North Korea’s infamous cybercriminal group, the Lazarus Group. This group was found to have transferred millions of dollars worth of stolen cryptocurrency back to North Korea last year.
In a high-profile incident in March 2023, North Korean hackers unlawfully accessed $147.5 million worth of cryptocurrency from HTX, a crypto exchange owned by TRON founder Justin Sun. A year later, they successfully funneled these ill-gotten funds back into North Korea using the sanctioned crypto mixer Tornado Cash.
The report also highlighted North Korea’s persistent engagement in cyber warfare, with monitors revealing that they had been investigating 97 suspected cyberattacks on cryptocurrency firms by North Korean entities between 2017 and 2024. These attacks were estimated to have a cumulative value of around $3.6 billion.
Furthermore, it was reported that North Korean IT workers operating overseas generate significant income for the country, drawing on information from U.N. member states and private companies. The monitors were also looking into claims made in a New York Times article regarding the release of frozen North Korean assets by Russia and the opening of a bank account in South Ossetia, potentially facilitating greater access to international banking networks for Pyongyang.
The Lazarus Group and other North Korean hackers have been involved in some of the most lucrative hacks in the crypto and DeFi sectors, with Tornado Cash being a preferred tool for laundering stolen funds. In response to these activities, the U.S. sanctioned Tornado Cash in 2022 for its alleged assistance to North Korea, leading to money laundering charges against two of its co-founders in 2023.
A separate report released by the UNSC indicated that North Korea derived 50% of its foreign exchange earnings from cyberattacks, with a focus on targeting cryptocurrency platforms in recent years. While the total amount stolen in 2023 was lower compared to the previous year, the number of hacks reached a record high of 20, coinciding with a general downturn in the crypto market.
In 2023, Chainalysis estimated that the total value of stolen cryptocurrency by North Korean hackers exceeded $1 billion, with a significant portion originating from DeFi platforms. These hackers also targeted centralized services, exchanges, and wallet providers, siphoning off millions of dollars from each sector to fund their nefarious activities.
