North Korea Was Responsible for Over $600M in Crypto Thefts Last Year: TRM Labs

North Korea-affiliated hackers were involved in a third of all crypto exploits and thefts last year, making off with some $600 million in funds, according to a report from TRM Labs.

The sum brings the Democratic People's Republic of Korea's (DPRK) total take from crypto projects to almost $3 billion over the past six years, the blockchain analytics firm said Friday.

Still, the figure is about 30% less than in 2022, TRM's head of legal and government affairs, Ari Redbord, said. That year, DPRK-affiliated actors made off with around $850 million, "a huge chunk" of which came from the Ronin Bridge exploit, Redbord told CoinDesk in an interview. In 2023, most of the stolen funds were taken in the last few months; TRM attributed about $200 million in stolen funds to North Korea in August 2023.

"They're clearly attacking the crypto ecosystem at a really unprecedented speed and scale and continue to take advantage of sort of weak cyber controls," he said.

Many of the attacks continue to use so-called social engineering, allowing the perpetrators to acquire private keys for projects, he said.

Overall, the amount stolen in hacks in 2023 was roughly half that taken the previous year – $1.7 billion compared with $4 billion.

Redbord attributed the drop to several factors: fewer major hacks like 2022's Ronin theft, successful law enforcement actions, better cybersecurity controls and, to a limited extent, price volatility over the past year.

What makes North Korean attacks stand out is that proceeds go toward the development of weapons of mass destruction, raising national security concerns.

"North Korean hackers are different, because it's not for greed or money or the typical hacker mentality; it's about taking those funds and using them for weapons proliferation and other types of destabilizing activity, which is a global threat," he said. "And that's why there's such a focus on it from a national security perspective."

National security officials in the U.S., Republic of Korea and Japan directly mentioned these concerns at a recent trilateral meeting about North Korea's WMD efforts.

"Ronin really changed that conversation to a national security conversation," Redbord said. "Ronin was the first time we saw U.S. Treasury designate North Korea-related addresses, and it was the addresses that the original funds went off to ... and then the next two addresses. This is what started the whole Tornado Cash [sanctions], and then Blender.io and now Sinbad, so it's a whole-of-government approach to go after this issue."