The past year saw a breathtaking rise in the value of cryptocurrencies like Bitcoin and Ethereum, with Bitcoin gaining 60 percent in value in 2021 and Ethereum spiking 80 percent. So perhaps it’s no surprise that the relentless North Korean hackers who feed off that booming crypto economy had a very good year as well.
North Korean hackers stole a total of $395 million worth of crypto coins last year across seven intrusions into cryptocurrency exchanges and investment firms, according to blockchain analysis firm Chainalysis. The nine-figure sum represents a nearly $100 million increase over the previous year’s thefts by North Korean hacker groups, and it brings their total haul over the past five years to $1.5 billion in cryptocurrency alone—not including the uncounted hundreds of millions more the country has stolen from the traditional financial system. That hoard of stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un’s totalitarian regime as it seeks to fund itself—and its weapons programs—despite the country’s heavily sanctioned, isolated, and ailing economy.
“They’ve been very successful,” says Erin Plante, a senior director of investigations at Chainalysis, whose report calls 2021 a “banner year” for North Korean cryptocurrency thefts. The findings show that North Korea’s global, serial robberies have accelerated even in the midst of an attempted law enforcement crackdown; the US Justice Department, for instance, indicted three North Koreans in absentia in February of last year, accusing them of stealing at least $121 million from cryptocurrency businesses along with a slew of other financial crimes. Charges were also brought against a Canadian man who had allegedly helped to launder the funds. But those efforts haven’t stopped the hemorrhaging of crypto wealth. “We were excited to see actions against North Korea from law enforcement agencies,” Plante says, “yet the threat persists and is growing.”
The Chainalysis numbers, based on exchange rates at the time the money was stolen, don’t merely point to an appreciation of cryptocurrency’s value. The growth in stolen funds also tracks with the number of thefts last year; the seven breaches Chainalysis tracked in 2021 amount to three more than in 2020, though fewer than the 10 successful attacks that North Korean hackers carried out in 2018, when they stole a record $522 million.
For the first time since Chainalysis began tracking North Korean cryptocurrency thefts, Bitcoin no longer represents anywhere near the majority of the country’s take, accounting for only around 20 percent of the stolen funds. Fully 58 percent of the groups’ cryptocurrency gains came instead in the form of stolen ether, the Ethereum network’s currency unit. Another 11 percent, around $40 million, came from stolen ERC-20 tokens, a form of crypto asset used to create smart contracts on the Ethereum blockchain.
Chainalysis’s Plante attributes that increased focus on Ethereum-based cryptocurrencies—$272 million in total thefts last year versus $161 million in 2020—to the skyrocketing price of assets in the Ethereum economy, combined with the nascent companies that growth has fostered. “Some of these exchanges and trading platforms are just newer and potentially more vulnerable to these types of intrusions,” she says, “They’re trading heavily in ether and ERC-20 tokens, and they’re just easier targets.”