North Korea-Linked Hackers Experience 700 Million Revenue Drop in 2023 Despite Record Hacking Attempts

Chainalysis, the blockchain data platform, today shared its findings on stolen funds, as part of its annual 2024 Crypto Crime Report Virtual Asset Crime Report.

According to the report, hackers linked to North Korea were involved in 20 hacking incidents in 2023 alone and carried out more attacks than ever before, but the total value of stolen virtual assets was $1 billion (about 1.3 trillion won), a marked decrease compared to about $1.7 billion (approximately 2.3 trillion won) in 2022, which reached an all-time high.

North Korea-linked hackers were found to have diversified targets in 2023, targeting various platforms in the crypto space. $428.8 million from DeFi platforms, and also targeted centralized services ($150.0 million stolen), exchanges ($330.9 million), and wallet providers ($127.0 million). This includes the hack of Atomic Wallet, a non-custodial cryptocurrency wallet service, that led to estimated losses of $129 million.

“We expect to see North Korea-linked hacks continue to become increasingly sophisticated, and more diverse in their exploits. For instance, we saw 2022 as the most successful year ever for North Korea hacking groups based on the value of funds stolen, however in 2023 there were a larger number of attacks,” said Erin Plante, Vice President of Investigation, Chainalysis. “The faster the speed in which crypto platforms react to an exploit, the better equipped law enforcement agencies will be to contact exchanges where frozen funds are located to initiate seizure and contact services through which the funds flowed to gather relevant information about accounts and users. We anticipate that through stronger processes, global collaboration, and public private partnerships over time, crypto hacks will continue to decline.”

Overall stolen funds, which includes North Korea-linked hackers and other hacker groups, decreased by approximately 54.3% to $1.7 billion, largely due to a significant drop in DeFi hacking, which plummeted by 63.7% year-on-year. This decrease could be attributed to an improvement in security protocols within DeFi platforms and a bear market. However, there were still notable hacks on DeFi platforms in 2023. In March, for instance, Euler Finance, a borrowing and lending protocol on Ethereum, experienced a flash loan attack, leading to roughly $197 million in losses. July 2023 saw 33 hacks — the most of any month — which included $73.5 million stolen from Curve Finance.

Further analysis by Chainalysis’ partner Halborn, a security company specializing in web3 and blockchain solutions, found that hackers are exploiting on-chain and off-chain vulnerabilities. “Historically, the majority of DeFi hacks have stemmed from vulnerabilities in smart contract design and implementation — a large proportion of the affected contracts we examined had either not undergone any audit or had been audited inadequately,” said Mar Gimenez-Aguilar, Lead Security Architect and Researcher at Halborn, explaining on-chain vulnerabilities. “Another notable trend is the increase in attacks as a result of compromised private keys, which underscores the importance of improvements in security practices outside of a given blockchain.” Chainalysis’ data shows that both the on-chain and off-chain vulnerabilities Gimenez-Aguilar describes — in particular the compromise of private keys, price manipulation hacks, and smart contract exploitation — drove hacking losses in 2023.

Read more here: https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/