The cryptocurrency market took a huge hacking hit in 2022, with investors losing millions of dollars and regulators calling for increased consumer protection. According to a recent Chainalysis report, hackers stole as much as $3.8 billion worth of crypto assets throughout the year–and North Korean-linked entities were by far the most prolific perpetrators of the hacks.
Last year, hackers managed to steal a staggering $3.1 billion from DeFi protocols alone–82.1% of the total and an increase from 73.3% in 2021.
64% of losses were stolen from cross-chain bridge protocols, which have become a major focus for hackers due to the large amount of funds located in the smart contracts utilized by bridges.
“If a bridge gets big enough, any error in its underlying smart contract code or other potential weak spot is almost sure to eventually be found and exploited by bad actors,” noted Chainalysis.
Last March and October saw huge spikes in hacks, with cyber-attack losses of $732.4 million and $775.7 million respectively–making October the largest single month ever for crypto hacks at 32 breaches in total.
Lazarus Group North Korean Hacks Break Records
The cybercriminal syndicate Lazarus Group was responsible for the majority of the 2022 heists, stealing an estimated $1.7 billion worth of cryptocurrency throughout last year alone, $1.1 billion of which came from DeFi protocols.
The proceeds of their attacks are believed to finance North Korea’s missile and nuclear weapons programs, as publicly declared trade has been significantly reduced due to sanctions and the COVID-19 pandemic.
Chainalysis also pointed out that crypto hacking is a “sizeable chunk” of the country’s economy, given that its total exports in 2020 were $142 million.
“Thieves stole record $3.8B of crypto in 2022 as sanctions on North Korea drove a surge in suspected hacking by the Asian nation.”
— Danielle DiMartino Booth (@DiMartinoBooth) February 1, 2023
Since Lazarus Group and other North Korean hackers mainly target decentralized finance protocols, they often funnel their ill-gotten funds into other DeFi platforms to swap for more liquid assets. Chainalysis also observed that the North Korean-affiliated hackers send their pilfered funds to coin mixers “at a much higher rate than funds stolen by other individuals or groups.”
Tornado Cash was originally the primary platform used by North Korean hackers to launder money, but since the introduction of OFAC sanctions, they have started using other mixers more frequently–a pattern that especially expanded in Q4 2022.
OFAC doubled down on its Tornado Cash sanctions, alleging the crypto mixer was involved in facilitating transactions connected to North Korea’s nuclear weapons program 😬
— The Defiant (@DefiantNews) November 11, 2022
Sindbad, a relatively new Bitcoin mixer, has increasingly been used by North Korean hackers since December 2022. This activity came to light when these entities deposited 1,429.6 Bitcoin worth $24.2 million into the mixing platform between December 2022 and January 2023.
The FBI also recently confirmed that Lazarus Group, also known as APT38, was responsible for the theft of $100 million in cryptocurrency in the Horizon Bridge hack last year.
In addition, the FBI reported that the group recently used the Railgun mixer to launder over $60 million worth of the cryptocurrency ether, which was stolen during a June 2022 heist. Railgun is another mixer that helps preserve the anonymity of individuals moving cryptocurrency.
North Korea-linked actors have been connected to other specific cryptocurrency hacks in the past as well, including the $600 million heist of the Ronin Network, a sidechain for the popular crypto game Axie Infinity, which was blamed on Lazarus Group by the U.S. Treasury Department.
Meanwhile, Money S, a South Korean media outlet, recently reported that Spanish cybersecurity firm Panda Security has predicted a “surge in fraudulent activities” related to virtual assets in 2023.
According to the firm, North Korean hackers will seek to “exploit the renewed public interest in cryptocurrency” as markets recover from the bear market of 2022. They also warned that major exchanges may be attacked this year as well, which could potentially endanger user funds.
How to Protect Your Cryptocurrency from North Korean and Other Hacks
To protect crypto assets, you must take a multi-layered approach that covers both digital and physical security measures. The following steps can help ensure the safety of your crypto assets:
- Keep Private Keys Safe: To keep crypto assets secure, store your private keys in a safe place. One of the most secure options is a hardware wallet, a physical device that stores the private keys in an encrypted form. Keeping the private keys on a physical device makes it much more difficult for hackers to steal them. Another option is to write them down and hide the copy somewhere secure, potentially at two separate locations in case of a fire at one of them.
- Use Password Managers: It is also a good idea to use a password manager to securely store the passwords for crypto exchanges and other online accounts. A password manager lets users generate long, unique, and random passwords, making it much more difficult for hackers to gain access to their accounts. Make sure your master password is very strong, memorize it, and also write it down and hide the copy in a very secure location (or two). Make sure one or more trusted people know where it is in case something happens to you.
- Two-Factor Authentication (2FA): Enabling 2FA on all crypto-related accounts is another important step in protecting crypto assets. While the most common form of 2FA involves receiving a text message with a code, this method is not very secure, as hackers can impersonate the user to gain control of their phone number. To avoid this, users can use an app such as Authy or a hardware key like YubiKey for 2FA.
- Spot Phishing Tactics: Cybercriminals are constantly devising new ways to steal crypto assets, including phishing attacks. Stay vigilant and look out for signs of a phishing attack. For example, users should be suspicious of unsolicited messages that ask them to download apps or open links. Only open links and attachments from trusted sources.
- Use Unique Credentials: To minimize the risk of cyberattacks, use unique credentials for all crypto-related (and other) accounts. That way, even if a hacker gains access to one of your online accounts, they hopefully won’t be able to access all of your crypto assets.