North Korea's Booming Hacking Industry Stole $400M in Cryptocurrency Last Year

North Korean hackers stole $400 million worth of cryptocurrency last year, "launching at least seven attacks on cryptocurrency platforms," new research has found.

The findings released by Chainalysis, a software company that monitors cryptocurrency, found that the attacks targeted "primarily investment firms and centralized exchanges."

The hackers "made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds out of these organizations' internet-connected 'hot' wallets into DPRK-controlled addresses," Chainalysis wrote on Thursday. "Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out."

The company found between 2020 and 2021, the number of hacks linked to North Korea increased from four to seven, "and the value extracted from these hacks grew by 40 percent."

"In terms of dollar value, Bitcoin now accounts for less than one-fourth of the cryptocurrencies stolen by DPRK, Chainalysis wrote. "In 2021, only 20 percent of the stolen funds were Bitcoin, whereas 22 percent were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58 percent."

The company's research claimed that many of the attacks were likely carried out by the state-sponsored Lazarus Group, which the U.S. has sanctioned and blamed for hacks including the WannaCry ransomware attacks in 2017.

"From 2018 on, The group has stolen and laundered massive sums of virtual currencies every year, typically in excess of $200 million," Chainalysis wrote, noting that the most successful hacks, one targeting the cryptocurrency exchange KuCoin and the other targeting an unnamed cryptocurrency exchange, "each netted more than $250 million alone."

The researchers wrote that according to the United Nations Security Council, the money from the hacks "goes to support North Korea's WMD and ballistic missile programs."

North Korea's Booming Hacking Industry Stole $400M
North Korean hackers stole $400 million worth of cryptocurrency last year, "launching at least seven attacks on cryptocurrency platforms," new research has found. Above, people visit the statues of President Kim Il Sung and Chairman... Kim Won Jin

Chainalysis also noted that it observed that North Korea has a "stolen fund stockpile" of $170 million in cryptocurrency from nearly fifty separate attacks between 2017 and 2021 that it hasn't laundered.

"This suggests that DPRK-linked hackers aren't always quick to move stolen cryptocurrencies through the laundering process," the company wrote.

Researchers said it's unclear why the North Korean hackers "would still be sitting on these funds."

"Whatever the reason may be, the length of time that DPRK is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one," the researchers added.

Newsweek reached out to the United Nations for comment on the findings released this week, but did not receive a response before publication on Friday morning.

Uncommon Knowledge

Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.

Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.

About the writer


Xander Landen is a Newsweek weekend reporter. His focus is often U.S. politics, but he frequently covers other issues including ... Read more

To read how Newsweek uses AI as a newsroom tool, Click here.

Newsweek cover
  • Newsweek magazine delivered to your door
  • Newsweek Voices: Diverse audio opinions
  • Enjoy ad-free browsing on Newsweek.com
  • Comment on articles
  • Newsweek app updates on-the-go
Newsweek cover
  • Newsweek Voices: Diverse audio opinions
  • Enjoy ad-free browsing on Newsweek.com
  • Comment on articles
  • Newsweek app updates on-the-go