North Korean-sponsored crypto hacks on the rise, experts warn
Cyber experts are warning of the rapid growth of crypto theft led by North Korean state-sponsored hackers following a series of heists against blockchain firms.
Nick Carlsen, a blockchain analyst at TRM Labs, said cyber-enabled financial crimes, particularly those allegedly carried out by North Korea, have accelerated in recent years as the East Asian country has become more sophisticated at stealing virtual currency.
“The threat landscape right now is as bad as I think it’s ever been when it comes to financial theft,” Carlsen said during a webinar hosted by the Center for a New American Security (CNAS) on Monday.
Carlsen was referring to a series of crypto heists this year involving hackers stealing millions of dollars worth of digital assets from blockchain firms.
Over the past two months, two California-based crypto firms – Harmony and Nomad – have lost over $100 million in virtual currency to hacks by unknown perpetrators. Both companies said they were working with police to track down the hackers and recover the stolen funds.
A senior administration official told reporters Monday that there have been seven major crypto hacks in 2022, several of which have U.S. ties to North Korea.
The official’s remarks were in response to the Treasury Department’s announcement on Monday that it was imposing sanctions on cryptocurrency mixer Tornado Cash for allegedly helping hackers launder more than $7 billion in virtual currency.
The department said Tornado Cash allowed cyber groups, including North Korean-backed hackers, to use its platform to launder the proceeds of cybercrime.
The agency also revealed that the cryptocurrency mixer was used to launder more than $96 million of illicit cyber funds originating from the Harmony bridge and at least $7.8 million from the Nomad crypto heist.
The sanctions mean that US entities are prohibited from doing business with Tornado Cash.
Carlsen said the sanctions against Tornado Cash are “monumental” and a “game changer”. He added that the United States has come a long way and is now taking an aggressive stance against cybercriminals who exploit cryptocurrencies for their own gain.
“Closing that avenue for criminals to launder money, that’s huge,” Carlsen said, adding that he was eager to see what further actions the US government plans to take in cracking down on crypto-related crimes.
The Treasury Department also sanctioned another crypto mixer, Blender.io, in May, alleging it was used to launder money from hackers backed by the North Korean government.
US officials have also been concerned about North Korea’s increasing use of crypto-theft to fund its nuclear and missile programs.
Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technologies, recently said she was “concerned about North Korea’s cyber capabilities,” adding that the country uses “up to a third of [stolen crypto] funds to fund their missile program.”
A UN report this year found that between 2020 and 2021, North Korean-backed hackers stole more than $50 million in digital assets to fund the country’s missile program, the BBC reported. The UN report also revealed that the attacks targeted at least three cryptocurrency exchanges in North America, Europe and Asia.
At the webinar, Carlsen offered some suggestions for ways the United States can be more effective in countering cyber-enabled financial crimes. He said the United States should be more on the offensive and proactively disrupt North Korean cyber operations and infrastructure rather than waiting for an incident to occur before responding.
“It’s something I’d like to see a lot more of,” Carlsen said.
He also said there should be increased cooperation between the United States and South Korea as they join their cyber forces to combat growing North Korean threats.
“I think [North Korea] have probably gotten used to being in a position as the hunter and not the hunted, said Carlsen.
“So, it might be strategically useful to change that dynamic a little bit,” he added.