A recent United Nations report has shed light on the illicit activities of North Korean hackers, revealing their utilization of the crypto mixer Tornado Cash to funnel millions of dollars in stolen cryptocurrency back to the isolated nation.

North Korean Cybercriminal Activity

The confidential report obtained by Reuters exposes the activities of the Lazarus Group, a notorious cybercriminal organization linked to North Korea. In March 2023, the group illicitly obtained $147.5 million worth of cryptocurrency from HTX, a crypto exchange owned by TRON founder Justin Sun. Subsequently, they successfully transferred these funds back to North Korea in 2024, using the sanctioned crypto mixer Tornado Cash.

UN Monitoring and Investigations

UN monitors have been investigating numerous suspected North Korean cyberattacks on cryptocurrency firms since 2017, totaling approximately $3.6 billion. Additionally, they have uncovered information suggesting that North Korean IT workers abroad generate significant income for their country. Recent reports also indicate Russia's involvement in releasing frozen North Korean assets and facilitating access to international banking networks.

Lazarus Group and Tornado Cash

The Lazarus Group, along with other North Korean hackers, has executed numerous lucrative hacks within the crypto and DeFi sectors, often utilizing Tornado Cash as their preferred tool for laundering stolen funds. Despite being sanctioned by the US in 2022 and facing legal charges in 2023, Tornado Cash remains a key component of their illicit activities.

Diverse Targets and Stolen Amounts

North Korea's cybercriminal activity in the cryptocurrency space has been extensive and diverse. In 2023, they expanded their targeting, executing a record-high number of hacks, albeit with a decrease in total stolen amounts compared to the previous year. Notably, DeFi platforms were a primary target, with approximately $429 million stolen, followed by centralized exchanges, wallet providers, and other services.

Conclusion

The UN report underscores the ongoing challenges posed by North Korean cybercriminals in the cryptocurrency sphere and highlights the need for continued vigilance and regulation. As these hackers continue to adapt and evolve their tactics, international cooperation and stringent measures are essential to combatting cybercrime and protecting the integrity of the global financial system.