Crypto hack alarms ramp up as authorities crack down after $3.7 billion stolen

The rapid growth of cryptocurrency theft over the past few years has become a major concern for U.S. authorities, who are ramping up efforts to crack down on hackers and illicit crypto schemes.

Just last year, crypto hackers managed to steal about $3.7 billion in digital assets, with North Korean state-sponsored cyber actors taking the lead as the main culprit in many of those heists, according to TRM Labs, a blockchain intelligence company.

Although this year has seen a decline in crypto hacks compared to 2022, about $400 million of virtual currency was stolen in the first quarter of 2023, TRM Labs reported.

Over the last few years, North Korean state-sponsored cyber actors have aggressively targeted the crypto sector, often taking advantage of an industry that is not well understood by many and not well regulated.

North Korean flags are carried during a celebration of the nation’s 73rd founding anniversary in Pyongyang, North Korea, on Sept. 9, 2021. (Associated Press).

U.S. officials and the United Nations have reported that stolen crypto funds have become an important source of revenue for North Korea’s nuclear and ballistic missile program.

“The problem has gotten very big and very serious with North Korea cybercriminals accounting for about $1 billion in stolen crypto last year,” said Ari Redbord, global head of policy and government affairs at TRM Labs.

“With North Korea, it is not about personal financial gain. Stolen crypto is used to fund weapons proliferation and other destabilizing activity,” Redbord said, adding that it has become a “serious national security threat.”

A top cyber official in the Biden administration also raised similar concerns regarding North Korea’s role in crypto hacks.

Anne Neuberger, the administration’s deputy national security adviser for cyber and emerging technology, said last year she was “concerned about North Korea’s cyber capabilities,” adding that the country uses “up to a third of [stolen crypto] funds to fund their missile program.”

Neuberger added that North Korea’s expansion of its missile testing has been a top priority for the administration, which has taken several enforcement actions to counter the country’s cyber threats, including imposing sanctions against criminal groups and seizing stolen digital assets.

Last year, the FBI confirmed North Korean-sponsored hackers known as the Lazarus Group, which had been sanctioned by the Treasury Department for targeting critical infrastructure, were responsible for stealing about $620 million in cryptocurrency from the virtual game Axie Infinity.

Immediate, severe impacts

Crypto hacks have become a major concern for many parties, especially those who invest in cryptocurrency, because they could see their savings or investments wiped clean, experts said.

“In the age of the internet, a hack means the loss of usernames and passwords,” Redbord said. “In the age of crypto hacks, it could mean the loss of life savings or the ability of North Korea or other nation-state actors to fund malign activity.”

Redbord also said it is now more important than ever for law enforcement and regulators to keep up the pace in the digital space as they crack down on cyber crime.

Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School, said law enforcement should be worried about all types of cyber crimes because whether they are crypto hacks, cyberattacks, cyber espionage, cyber warfare or disinformation campaigns, they are all connected in some way.

“You don’t want to say, ‘Oh, we only care about disruptive cyberattacks,’ when the way that many criminals fund those disruptive cyberattacks may be at least partly through some cryptocurrency crime,” Wolff said.

Like Redbord, Wolff agreed that another reason to be worried about crypto hacks is that people are losing a lot of money as they feel “the impact of this pretty immediately and pretty severely.”

Russia eyes crypto for sanctions evasion

Russian President Vladimir Putin attends a meeting with members of the Business Russia organisation at the Kremlin in Moscow, Russia, Friday, May 26, 2023. (Mikhail Klimentyev, Sputnik, Kremlin Pool Photo via AP)

Although North Korea leads the world in crypto hacking, Russia has also engaged in such activity to evade economic sanctions and fund projects it deems important to its national security interests, experts said.

“I think that for countries like North Korea and now Russia that face a lot of sanctions, you would imagine that that money would be used for just about anything that a government wants to do but has trouble funding,” Wolff said.

Just last week, the Department of Justice unsealed charges against two Russian nationals accused of participating in a 2011 hack of cryptocurrency exchange Mt. Gox.

The agency said the two Russian defendants were charged with conspiring to launder about 647,000 bitcoins from the Mt. Gox hack.

Redbord said Russia, which has been trying to evade U.S. economic sanctions, has participated in various crypto schemes. Russia colluded with Iran to conduct cross-border trade in cryptocurrencies and has used paramilitary groups to raise funds in crypto to support Russia’s war in Ukraine.

“While none of these efforts have moved the needle dramatically, over time they can have an impact,” Redbord said.

How has the US responded?

FILE - The Treasury Building is viewed in Washington, May 4, 2021. The United States has announced sanctions against a group of Iranian and Turkish people and firms accused of plotting to assassinate former U.S. government officials, dual U.S. and Iranian nationals, and dissidents. Several alleged assassination plots have been uncovered in recent years. (AP Photo/Patrick Semansky, File)

Over the past few years, U.S. authorities have increased their efforts to fight crypto hacks, including imposing sanctions on entities and crypto mixers, indicting individuals, and seizing domains.

In March, the DOJ said it dismantled a darknet cryptocurrency mixer, known as ChipMixer, which allowed cybercriminals to launder more than $3 million of digital assets.

The agency said it seized two domains that directed users to the mixing service, which was involved in other illegal activities — including ransomware, fraud, cryptocurrency heists and other hacking schemes.

And last year, the Treasury Department sanctioned Tornado Cash, another cryptocurrency mixer, for helping hackers launder more than $7 billion worth of virtual currency.

Tornado Cash allowed cyber groups, including North Korean-backed hackers, to use its platform to launder the proceeds of cyber crimes, Treasury said.

Wolff said although it can be hard to deter cyber criminals from engaging in these activities, law enforcement can block off some of their infrastructure, like cracking down on illicit crypto mixers.

Last year, blockchain data firm Chainalysis released a report that found the use of crypto mixers reached an all-time high in 2022, with state-sponsored actors and cyber criminals making up a large portion of users.

In 2022, illicit addresses accounted for 23 percent of funds sent to mixers, up from 12 percent in 2021, the report found.

“While we are seeing cybercriminals become more and more sophisticated, law enforcement and the tools they use to track and trace funds are also becoming better,” Redbord said.
