Technology

North Korean-sponsored crypto hacks on the rise, experts warn

Cybersecurity experts are warning against the rapid growth of cryptocurrency theft led by North Korean state-sponsored hackers following a series of heists targeting blockchain firms.

Nick Carlsen, a blockchain analyst at TRM Labs, said cyber-enabled financial crimes, especially those allegedly conducted by North Korea, have accelerated over the past few years as the East Asian country has become more sophisticated in stealing virtual currency.

“The threat landscape right now is as bad as I think it has ever been when it comes to financial theft,” Carlsen said during a webinar hosted by the Center for a New American Security on Tuesday.

Carlsen was referring to a string of crypto heists this year involving hackers stealing millions of dollars worth of digital assets from blockchain firms.

In the last two months, two California-based crypto firms — Harmony and Nomad — lost more than $100 million dollars in virtual currency following hacks from unknown perpetrators. Both companies said that they were working with law enforcement to track down the hackers and retrieve the stolen funds.

A senior administration official told reporters on Monday that there have been seven major crypto hacks in 2022, several of which the U.S. ties to North Korea.

The official’s remarks were in response to the Treasury Department’s announcement on Monday that it was imposing sanctions on cryptocurrency mixer Tornado Cash for allegedly helping hackers launder more than $7 billion worth of virtual currency.

The department said Tornado Cash allowed cyber groups, including North Korean-backed hackers, to use its platform to launder the proceeds of cybercrimes. 

The agency also disclosed that the cryptocurrency mixer was used to launder more than $96 million of illicit cyber funds originating from the Harmony bridge heist and at least $7.8 million from the Nomad crypto theft.

The sanctions mean that U.S. entities are forbidden from conducting business with Tornado Cash.

Carlsen said the sanctions against Tornado Cash are “monumental” and a “game changer.” He added that the U.S. has come a long way and is now taking an aggressive stance against cyber criminals exploiting cryptocurrencies for their own gains.

“Shutting down that avenue for criminals to launder money, that’s huge,” Carlsen said, adding that he was eager to see what further actions the U.S. government plans to take when countering crypto-related crimes. 

The Treasury Department also sanctioned another crypto mixer, Blender.io, in May, alleging that it was being used to launder money from hackers backed by North Korea’s government.

U.S. officials have also been worried about North Korea’s increasing use of crypto theft to fund its nuclear and missile programs.

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technology, recently said that she was “concerned about North Korea’s cyber capabilities,” adding that the country uses “up to a third of [stolen crypto] funds to fund their missile program.”

A United Nations report this year found that between 2020 and 2021, North Korean-backed hackers stole more than $50 million in digital assets to fund the country’s missile program, the BBC reported. The U.N. report also revealed that the attacks targeted at least three cryptocurrency exchanges in North America, Europe and Asia.

At the webinar, Carlsen gave a few suggestions on ways the U.S. can be more efficient at countering cyber-enabled financial crimes. He said the U.S. should be more on the offense and proactively disrupt North Korean cyber operations and infrastructure instead of waiting for an incident to occur to then respond.

“That’s something I’d like to see a lot more of,” Carlsen said. 

He also said that there should be increased collaboration between the U.S. and South Korea as they join their cyber forces to combat rising North Korean threats.

“I think [North Korea] has probably gotten used to being in a position of being the hunter and not the hunted,” Carlsen said.

“So it might be strategically helpful to shift that dynamic a little bit,” he added.