North Korea hackers focus on high-value crypto targets

North Korea-linked hacking groups are increasingly shifting away from indiscriminate cyberattacks toward a more targeted strategy focused on high-value objectives, according to new findings.

In a report released on Dec. 21, U.S.-based blockchain analytics firm Chainalysis said North Korea-linked hacking groups stole an estimated $2.02 billion in virtual assets this year, or about 3 trillion won. The firm said the figure represents a 51 percent increase from last year and described this year’s cryptocurrency theft by North Korea as the highest level ever recorded.

Notably, the total number of hacking attempts by North Korea-linked groups declined over the same period. According to the report, the number of attempted hacks this year fell 74 percent from a year earlier. Rather than carrying out frequent attacks, the groups have shifted their focus to so-called large targets, where a single successful breach can yield substantially higher returns. In the past, North Korea primarily targeted decentralized finance platforms with relatively weak security. This year, however, the groups have moved to attack core infrastructure, including centralized exchanges such as Upbit and Bybit.

The report also found that North Korea-linked groups typically break stolen cryptocurrency into amounts of $500,000 or less and move the funds across multiple wallet addresses. The tactic is intended to evade monitoring by exchanges and law enforcement agencies that track large transactions, while also making the flow of funds harder to trace. The report said this initial stage of money laundering is usually completed about 45 days after a successful theft. The groups are believed to remain inactive for a period after a hack, waiting for scrutiny to ease before quietly beginning the laundering process.

Chainalysis said North Korea’s hacking capabilities are growing increasingly sophisticated, allowing the groups to cause greater damage despite conducting fewer attacks. The firm added that there is a rising need to more precisely identify the distinctive money laundering patterns employed by North Korea-linked actors.


박종민 기자 blick@donga.com