In the realm of digital assets, the year 2023 has unfolded with a trail of cybercrime, predominantly orchestrated by North Korean hackers. As the cryptocurrency market continues to flourish, so does the audacity of these hackers, who have successfully swiped more than $200 million in digital riches in 2023 alone. A recent report unveiled by blockchain intelligence firm TRM Labs has shed light on this disturbing trend, revealing that this staggering figure constitutes over 20% of the total cryptocurrency stolen this year. The scope of their digital heists becomes even more unsettling when considering that this sum is just a fragment of the $2 billion looted by cybercriminals in the past five years.
While the ongoing year seems to be a profitable spree for cybercriminals, the pinnacle of their success was achieved in the previous year. In 2022, hackers executed their most prosperous campaigns, amassing a whopping $800 million in stolen cryptocurrency. This achievement was fueled by a series of strategic attacks on decentralized finance (DeFi) protocols, culminating in three major breaches that exploited cross-chain bridges. The most significant of these breaches targeted the Ronin Bridge, resulting in the siphoning of a staggering $625 million in March of that year.
The tactics employed by North Korean hackers to launder their ill-gotten gains are multifaceted and intricate. They employ techniques ranging from chain hopping to the utilization of cryptocurrency mixers. These methods facilitate the swift conversion of stolen funds into traditional currencies through exchanges that maintain lenient Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols. Following the Office of Foreign Assets Control’s (OFAC) sanctions on cryptocurrency mixing service Tornado Cash last year, North Korean hackers have gravitated towards Sinbad as their preferred mixing service.
One notable incident involved hackers targeting users of Atomic Wallet in June. The attackers managed to pilfer approximately $100 million worth of cryptocurrencies, including Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin. After siphoning the looted Ethereum into new addresses under their control, the cybercriminals converted it into wrapped Ether (WETH), which was then swapped for wrapped Bitcoin (WBTC). Subsequently, they exchanged the WBTC for Bitcoin and routed the funds through mixing services to obscure their origins.
TRM Labs, based in San Francisco, boasts a team comprising former members of prestigious organizations such as INTERPOL, the Australian Federal Police, the UK’s National Crime Agency, IRS Criminal Investigation, FBI, and the US Secret Service. With their finger on the pulse of digital crime, they’ve revealed how the landscape of cybercrime is evolving.
In May, TRM Labs reported a decline in hacking incidents during the first quarter of 2023. This decline was attributed to the sanctions imposed on the Tornado Cash Ethereum mixer in the preceding August. Recognizing the significance of robust cybersecurity, TRM Labs underlines the efficacy of hardware security modules for safeguarding cryptographic keys, address whitelisting to confine fund transfers to trusted entities, and secure offline storage for keys and passphrases.
The world of blockchain investigation includes several key players, among them PeckShield, Chainalysis, Nansen, Elliptic, and CipherTrace. PeckShield has recently identified an ongoing attack on the Exactly protocol, a credit market operating on the Optimism network. Reports from De.Fi, a web3 antivirus company, disclosed a successful hack on Exactly, resulting in the loss of 4323.6 ETH, equivalent to approximately $7.2 million.
As the cryptocurrency landscape continues to evolve, so too does the ingenuity of hackers seeking to exploit its vulnerabilities. Vigilance, robust security practices, and a collective commitment to thwarting cybercriminals remain essential in the fight to safeguard the burgeoning digital economy.