North Korea hackers stole $400m of cryptocurrency in 2021, report says

North Korean hackers stole almost $400m (£291m) worth of digital assets in at least seven attacks on cryptocurrency platforms last year, a report claims.

Blockchain analysis company Chainalysis said it was one of the most successful years on record for cyber-criminals in the closed east Asian state.

The attacks mainly targeted investment firms and centralised exchanges.

North Korea has routinely denied being involved in hack attacks attributed to it.

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” Chainalysis said in a report.

The hackers used a number of techniques, including phishing lures, code exploits and malware, to siphon funds from the organisations’ “hot” wallets and then moved them into North Korea-controlled addresses, the company said.

Cryptocurrency hot wallets are connected to the internet and cryptocurrency network and so are vulnerable to hacking. They are used to send and receive cryptocurrency, and allow users to view how many tokens they have.

Many experts recommend moving large amounts of cryptocurrency not needed day-to-day to “cold” wallets, which are disconnected from the wider internet.

Chainalysis said it is likely that many of last year’s attacks were conducted by the so-called Lazarus Group, a hacking group sanctioned by the US, which is believed to be controlled by North Korea’s primary intelligence bureau, the Reconnaissance General Bureau.

The Lazarus Group has previously been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts and cyber-attacks on Sony Pictures in 2014.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report on last year’s cyber attacks added.

A United Nations panel that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes as a way to avoid international sanctions.

Separately, in February last year, the US charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than $1.3bn in money and cryptocurrency.

The cyber attacks affected companies from banks to Hollywood movie studios, the Department of Justice said.