A recent report from blockchain analysis firm Chainalysis has unveiled a curious trend in cryptocurrency theft associated with North Korea. Despite a record-high number of hacking incidents in 2023, the actual stolen funds dropped by 50%.
While 2022 marked a peak year for crypto theft with $3.7 billion stolen, the figures plummeted to $1.7 billion in 2023. This decline is notable, especially as the number of individual hacking incidents increased from 219 in 2022 to 231 in 2023.
Chainalysis attributes the decrease in stolen funds to a substantial drop in DeFi hacking incidents, a significant factor in the surge witnessed in 2021 and 2022. In 2023, hackers stole only $1.1 billion from DeFi protocols, representing a 63% decrease in the value of funds stolen from such platforms. The report also highlights a marked reduction in the overall funds stolen from DeFi protocols.
The rise in North Korea-linked hacks, executed by cyber-espionage groups like Kimsuky and Lazarus Group, aligns with a broader trend of increasing sophistication in attack vectors. Cybersecurity experts, including Mar Gimenez-Aguilar from Halborn, emphasize the concerning escalation in the frequency and severity of DeFi attacks. Popular chains like EVM-based and Solana often become targets due to their popularity and smart contract execution capabilities.
The Chainalysis report categorizes attack vectors into two types: on-chain and off-chain. On-chain vectors originate from vulnerabilities within the DeFi protocol, while off-chain vectors stem from vulnerabilities external to the blockchain. This nuanced classification showcases the growing complexity of cyber threats faced by the crypto ecosystem.
The larger trend of North Korea-backed hacks is evident, with the Lazarus Group recently implicated in the $41 million hack of Stake.com. The US Department of the Treasury’s Office of Foreign Assets Control has sanctioned Sinbad.io, a virtual currency mixer used by the Lazarus Group for money laundering. Reports also suggest that North Korea-affiliated hackers have pilfered millions in crypto assets to fund the country’s nuclear weapons program. In a separate study, TRM Labs disclosed that hackers associated with North Korea seized over $600 million worth of crypto assets, reinforcing the scale of this persistent threat.
