Recent research by Chainalysis has uncovered on-chain traces that would show the use of crypto exchanges located in Russia by hackers from North Korea, with the aim of cleaning up stolen funds.
To date, $340 million in cryptocurrency has been identified from hacks by North Koreans.
The geopolitical context
However, it is necessary to contextualize these events within the current geopolitical landscape so that relevant details are not missed.
Chainalysis is an American company based in New York City. Among other things, it often works for the FBI and IRS, thus in close contact with US government authorities.
On the other hand, Russia and North Korea are allies, and they are also allies vis-à-vis China. The US has seen China and Russia as real enemies for a few years now, so it is necessary to point out that Chainalysis’ actions may not be impartial.
That said, their on-chain analyses are based on objective data, often supplemented by data extrapolated in other ways, so in theory they should be verifiable.
By contrast, it is no mystery that North Korea has a veritable cadre of state hackers who operate with the express purpose of stealing crypto funds from holders around the world.
According to a United Nations report, the North Korean state is allegedly using increasingly sophisticated cyber attacks to fund nuclear missile programs.
Analysis by Chainalysis: North Korea hackers exploit crypto exchanges in Russia
It is no coincidence that the report Chainalysis published with the results of its analysis begins with an explicit reference to the recent meeting between Vladimir Putin and Kim Jung-un.
The hypothesis that emerges is that of a convergence of North Korean and Russian forces in support of North Korea’s extensive state crypto hacking campaign.
The report reveals that hacker groups linked to the Democratic People’s Republic of Korea (DPRK) are increasing their use of Russian-based crypto exchanges to launder stolen cryptocurrencies.
Specifically, Chainalysis analysts have identified on-chain $21.9 million in cryptocurrencies stolen from the Harmony Protocol that were recently transferred to a Russian-based exchange.
Usually in such cases the exchange is notified and can proceed to block those funds, but apparently that did not happen.
The Harmony hack occurred in June last year, thanks to a compromised multi-sig scheme, and netted about $100 million in all. The North Koreans would be behind this hack.
According to Chainalysis this would not be the only such case, because they would have found traces dating as far back as 2021 of other uses of Russian crypto exchanges by North Korean hackers.
They state in the report that there would be “a potent alliance between North Korean and Russian cybercriminal actors” in place, with little chance of recovering the funds.
“While the types of mainstream centralized exchanges North Korean hackers have previously relied upon typically cooperate, Russia’s exchanges and law enforcement agencies have a track record of non-compliance, significantly reducing the chance of asset recovery.”
North Korean hacks
The report reveals that hacking activities associated with the DPRK during 2023 yielded $340.4 million, while in total last year they yielded over $1.65 billion.
The one in 2022 was a real record, so much so that from 2016 to date the total amount of funds stolen is $3.54 billion. In other words, in 2022 alone, thefts totaling almost half of all those that have occurred to date were concentrated.
According to Chainalysis, 29.7% of cryptocurrencies stolen through hacks this year can be traced back to North Korean state hackers, which is a higher percentage than even last year.
The hypothesis is that North Korea uses these attacks to steal funds to be used to finance among other things its nuclear missile program, and that Russia somehow cooperates, or turns a blind eye, because that way some of the stolen funds end up in its coffers.
While other states try to identify and block hackers who steal funds in this way, North Korea has even hired them, precisely for the purpose of stealing cryptocurrency from others.
Russia would fall among those collaborationist states, allied with North Korea, that not only fail to cooperate with law enforcement agencies in other countries to block hackers and return funds to their rightful owners, but even support this illicit behavior.