North Korea swiped $293m in crypto last year — and rising crypto prices mean more hacks are coming

Lazarus carried out hacks to the end of 2023, and this year's bull market means more trouble is around the corner. Credit: Andrés Núñez
  • Lazarus nabbed at least $293 million from victims across six heists.
  • The cybercriminal group has been linked to North Korea’s nuclear weapons programme.
  • The group’s most recent hack took place on December 31, setting the stage for a perilous 2024.

Lazarus ravaged the crypto world in 2023, with at least $293 million in stolen funds attributed to the North Korean cybercrime cabal.

That was a fraction of what it nabbed in 2022 — a staggering $1.7 billion.

But the thefts show Lazarus Group and North Korea-linked hackers “continue to evolve in sophistication” in both tactics and money-laundering channels, Erin Plante, vice president of investigations at Chainalysis, told DL News.

The threat of Lazarus will rise with crypto prices as many expect a new bull market.

With more capital flowing into the industry, criminals will be tempted to launch more attacks, increasing the pressure on organisational security, as highlighted by smart contract auditing firm CertiK in a January report.

Analysts suggested an $82 million hack of Orbit Bridge on New Year’s Eve may be the most recent attack by Lazarus. If true, it would bookend a year that saw five other hacks across exchanges, wallet providers, and payment processors.

DL News reported in April that the rogue nation is using crypto loot to fund its nuclear weapons programme.

If the group is to maintain its stream of illicit income, it will have to develop new ways around and through an increasingly tight security landscape.

Plante pointed to the use of Russia-based exchanges to launder funds in 2023, a well-known strategy for criminals to abscond with stolen crypto, on the back of a much-publicised meeting between North Korean dictator Kim Jong-Un and Russia’s Vladimir Putin.

Authorities in the West are fighting back. In September, the US Federal Bureau of Investigation identified Lazarus as responsible for numerous hacks, and rolled out sanctions against associated wallets.

Plante added: “Law enforcement capabilities are also evolving to keep pace with these hackers, making Lazarus Group’s efforts harder and less fruitful over the years.”

Crypto must learn from past mistakes, according to CertiK.

With that in mind, let’s look at the hacks attributed to Lazarus in 2023:

Atomic Wallet: $100 million

Lazarus’s biggest heist of the year was the Atomic Wallet hack, which netted $100 million of customer funds drained directly from their wallets.

Analytics firm Elliptic identified Lazarus as the culprit just days after the hack, though the initial estimate of losses was only $35 million.

Angered users and investors subsequently sued Atomic via the Colorado District Court, alleging that “many users lost their entire portfolios.”

Alphapo: $60 million

In July, Lazarus gained access to the private keys of payment processor Alphapo’s hot wallets and drained about $60 million in funds.

Alphapo serves as a payment processor for a number of online gambling services, including HypeDrop, Bovada, and Ignition.

The FBI confirmed Lazarus as the culprit in September.

Coinex: $55 million

A September hack of global cryptocurrency exchange Coinex saw $55 million taken from compromised hot wallets.

The Hong Kong-based exchange halted withdrawals and deposits for 10 days following the attack.

Elliptic identified Lazarus as responsible a few days later.

Stake.com: $41 million

Stake.com, an Australian-Curaçaoan online casino known for recruiting celebrity endorsers, was hit for $41 million.

Lazarus was able to make unauthorised transactions from several Stake hot wallets. Stake co-founder Edward Craven told DL News the platform’s private keys were not compromised, despite claims by blockchain experts to the contrary.

Lazarus was identified as responsible by the FBI in its September wave of sanctions.

Coinspaid: $37 million

Estonia-based Coinspaid, an ecosystem for crypto payments, suffered a $37 million hack in July.

Lazarus carried out the attack using social engineering, in which malicious actors use various methods such as identity fraud and impersonation to gain the trust of victims, with the end goal of obtaining sensitive information including passwords or private keys.

Following the attack, Coinspaid conducted an internal investigation with the help of blockchain intelligence firm Match Systems, which determined Lazarus to be the attacker.

Coinspaid was attacked again on January 6 for $7.5 million, according to web3 security firm Cyvers, though it is unclear who was responsible.

Orbit Bridge: $82 million

On the last day of the year, Orbit Bridge was the victim of a signature exploit that saw $82 million in funds stolen.

Observers including MetaMask developer Taylor Monahan and blockchain intelligence firm Match Systems attributed the hack to Lazarus, while Orbit requested the crypto community refrain from disseminating rumours about the hack.

If the Orbit hack was indeed carried out by Lazarus, it was the second-biggest hack of the year for the group — a disturbing finale for 2023.

Tyler Pearson is a Markets Correspondent at DL News. If you’ve got a hot crypto tip, please reach out at ty@dlnews.com.