North Korea-backed threat actors expanded their cyber operations targeting cryptocurrency platforms in 2023, surpassing the number of hacks seen in the previous year. However, the total amount of digital currency stolen witnessed a decline compared to 2022.
Research conducted by Chainalysis revealed that North Korean adversaries managed to pilfer just over $1.0 billion in 2023, a decrease from the approximately $1.7 billion stolen in the previous year.
The surge in 2022, which marked a record for stolen cryptocurrencies linked to North Korean-aligned threat actors, was predominantly driven by a major heist on decentralized finance (DeFi) products. During that period, hackers from North Korea siphoned off around $1.19 billion in DeFi assets, constituting 70% of all crypto gains.
Global Decline in DeFi Hacking
In 2023, the global enthusiasm for DeFi saw a downturn, resulting in North Korean hackers extracting fewer gains from targeting DeFi protocols.
Chainalysis researchers suggested that this shift in trend likely stems from two main factors. Firstly, developers and maintainers of DeFi protocols have enhanced their operational security (OpSec).
“Security experts have indicated that many DeFi vulnerabilities in the past were a result of protocol operators prioritizing growth over implementing robust security systems,” notes the Chainalysis report.
The second factor contributing to this trend is the decrease in the value of DeFi assets in 2023, impacting the overall gains from DeFi hacking globally.
The global value lost in DeFi hacks decreased by 63.7% year-over-year in 2023, with the median loss per DeFi hack dropping by 7.4%. Despite an increase in the number of individual crypto hacks, DeFi hacks specifically declined by 17.2%.
This pattern is reflected in North Korean hacking activities, where they stole $428.8 million from DeFi platforms in 2023, down from $1.19 billion in 2022.
Diversification of Targets
To offset the loss of income, North Korean hackers diversified their attack vectors in 2023, targeting centralized crypto platforms and crypto wallets such as Atomic Wallet, Alphapo, and Coinspaid.
Chainalysis views this shift in targeting as an indication of hackers employing more sophisticated attacks against crypto assets. However, the firm also pointed out that crypto platforms are enhancing their security measures and responses to attacks, enabling law enforcement agencies to act more swiftly.
“As these processes improve over time, it is likely that funds stolen from crypto hacks will continue to decline,” predicts Chainalysis.