A Third of 2023 Crypto Hacks Traces Back to North Korea, Says TRM Labs

A Third of 2023 Crypto Hacks Traces Back to North Korea, Says TRM Labs

by January 8, 2024

A recent report by blockchain intelligence company TRM Labs reveals a concerning trend of crypto hacks by North Korea, who stole at least US$600 million in cryptocurrency in 2023.

This figure might even reach around US$700 million if additional crypto hacks from the end of the year are confirmed to be linked to North Korea.

Although this represents a decrease from the US$850 million stolen in 2022, crypto hacks by North Korea still accounted for almost a third of all funds stolen in crypto attacks last year.

The impact of North Korea’s cyber activities is significant, with their hacks being on average ten times more damaging than those not linked to it.

Since 2017, Pyongyang-linked threat actors have caused the loss of nearly US$3 billion worth of crypto. These hackers typically compromise private keys and seed phrases, essential security elements of digital wallets.

crypto hack north korea grand total

The stolen assets are then transferred to wallets under their control, often converted to cryptocurrencies like USDT or Tron, and then exchanged for hard currency using high-volume OTC brokers.

Moreover, the DPRK has been continually evolving its money laundering tactics to evade international law enforcement. As US sanctions and enforcement actions targeted their previous go-to obfuscation platforms like Tornado Cash and ChipMixer, North Korea pivoted to another mixer, the BTC service Sinbad. Even after Sinbad was sanctioned by OFAC in November 2023, they continued to explore other tools for laundering.

TRM Labs’ report said,

“With nearly US$ 1.5 billion stolen in the past two years alone, North Korea’s hacking prowess demands continuous vigilance and innovation from business and governments.


Despite notable advancements in cybersecurity among exchanges and increased international collaboration in tracking and recovering stolen funds, 2024 is likely to see further disruption from the world’s most prolific cyber-thief.”


Featured image credit: Edited from Freepik