North Korean Hackers Laundering Stolen Funds Via Russian Exchanges: Chainalysis

Hackers and hacking groups believed to be backed by the Democratic People's Republic of Korea (DPRK) have been using crypto exchange platforms in Russia to launder their stolen funds, according to a recent report from blockchain analysis firm Chainalysis.

The report, released in mid-September, revealed that $21.9 million in crypto siphoned from Harmony Protocol has been moved to a Russian-based exchange known for illegal transactions.

Moreover, Chainalysis confirmed that North Korean entities have been using this exchange and other Russian services to launder stolen funds since 2021.

The report said this could mean the prospect of recovering funds stolen from crypto businesses and laundered on these exchanges is nearly impossible.

"Not only does this revelation signify a potent alliance between North Korean and Russian cybercriminal actors, but it also presents challenges for global authorities. Russia's notoriously uncooperative stance toward international efforts by law enforcement makes the prospect of recovering stolen funds sent to Russian exchanges particularly grim, " Chainalysis said in the report.

Aside from the possible North Korea-Russia relationship, the report also underlined that North Korea-linked hacking groups have only made $340.4 million this year, compared to the $1.65 billion they made in 2022, which was described as the year with "catastrophically high figures" in terms of amounts of funds stolen.

"While North Korea-linked hackers are on pace to steal much less cryptocurrency than they did last year, it's important to acknowledge that the catastrophically high figures from 2022 created an unusually high bar to surpass," the report said.

Chainalysis estimated that North Korean hackers have stolen a whopping $3.54 billion in crypto since 2016, noting that "DPRK continues to be an incubator for hacking activities and remains one of the largest active threats in the cybercrime landscape."

Among these cyber criminals is the notorious group Lazarus, which is believed to be behind the theft of $55 million worth of crypto from the crypto exchange CoinEx this month.

The U.S. Federal Bureau of Investigation (FBI) also identified Lazarus as the group behind the $40 million hack on crypto betting platform Stake.

"The FBI has confirmed that this theft took place on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38) which is comprised of DPRK cyber actors," the law enforcement agency said in a news release.

"Private sector entities are encouraged to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses," it added.