North Korea Leads in Crypto Thefts: Billions Stolen Through Private Key Exploits


by Faruk Imamovic

The world of cryptocurrency has become a prime target for hackers, with North Korea at the forefront of orchestrating some of the most significant financial heists in recent years. An extensive review of data from the United Nations Security Council (UNSC) and DeFiLlama reveals a disturbing trend of rising crypto thefts, particularly through the exploitation of private keys.

Since 2020, North Korea-linked hacks have accounted for approximately $2.4 billion in stolen cryptocurrency, highlighting the sophisticated and persistent threat posed by these state-backed cybercriminals.

Sophisticated Strategies and High-Value Targets

The hacking syndicate known as the Lazarus Group, allegedly supported by the North Korean state, primarily orchestrates these heists.

Their methods are sophisticated and focused on high-value targets, and often involve exploiting software flaws and conducting phishing attacks. The UNSC's latest 615-page report sheds light on 58 crypto heists dating back to 2017, with North Korea's fingerprints all over them.

In 2023 alone, these hacks netted about $700 million, signifying a relentless pursuit of illicit gains, purportedly to fund North Korea's weapons of mass destruction program. Gaining a comprehensive understanding of each attack's full scope remains a challenge.

Slava Demchuk, co-founder of AMLBot, suggests that the real magnitude of these hacks might be underreported as not all victims come forward. This sentiment is echoed by the blockchain forensics firm Chainalysis, which reports even higher figures than the UNSC, indicating that the problem might be more severe than it appears.

Vulnerabilities Exploited: The Private Key Problem

The focus on private keys as a method of attack is particularly troubling. Private keys are crucial for accessing and transferring cryptocurrency, making them a golden ticket for cybercriminals.

Gonçalo Magalhães, head of security at Immunefi, emphasizes the substantial risks associated with private key compromises, which often lead to the most significant financial losses. Since 2020, there have been at least 41 major hacks involving private key exploits, resulting in a staggering $2.9 billion in losses.

This method alone accounts for about 38% of the total $7.74 billion in value hacked since the beginning of the decade. Magalhães further notes that the methods employed in these hacks are not just limited to technical exploits.

North Korean hackers also combine detailed technical knowledge with social engineering and spear-phishing capabilities, targeting a small number of high-value entities and playing what he describes as a "very long game."


DeFi's Double-Edged Sword: Innovation and Vulnerability

While the decentralized finance (DeFi) sector promises innovation and freedom from traditional banking, it also introduces new vulnerabilities.

Kieran Mesquita, a contributor to the privacy protocol Railgun, points out that many DeFi projects exhibit centralized tendencies that emerge during their development phases. This centralization, particularly in the management of admin keys, can leave protocols exposed to potential breaches.

The case of Railgun is particularly noteworthy: despite being a tool favored by Ethereum's founder, Vitalik Buterin, for enhancing transaction privacy, it has been accused by the FBI of being used by North Korean criminals to launder funds.

Market Manipulations and Flash Loan Attacks

Another disturbing trend in the crypto world is the prevalence of flash loan attacks. These attacks, which involve borrowing large sums of cryptocurrency without collateral and exploiting market vulnerabilities for profit, are particularly problematic.

They not only disrupt market stability but also expose the inherent risks in the smart contract designs of many trading platforms. Despite the lower total losses compared to other types of security breaches, flash loan attacks represent a significant threat due to their ability to manipulate the market dramatically.

In 2020, flash loan attacks led to a cumulative loss of $1.16 billion, underscoring the need for better security measures and smarter contract designs within the DeFi sector.

Individual Investors: Navigating a Minefield of Cyber Threats

The rise in cryptocurrency's popularity has not only attracted investors but also a growing number of cybercriminals.

The lure of quick profits and the anonymous nature of blockchain transactions make individual investors particularly vulnerable to a variety of attacks. Tim Zinin, chief marketing officer of 1inch Hardware Wallet, highlights an alarming trend: "The growth in losses from phishing attacks targeting individuals is concerning and likely reflects attackers following the money as more retail users enter DeFi." In March alone, investors lost $71 million to phishing scams—a staggering 50% increase from February.

These attacks typically involve deceiving the user into giving away sensitive information such as private keys or directly transferring funds to a fraudulent address. This type of scam preys on less tech-savvy users or those new to the crypto space, exploiting their lack of familiarity with secure transaction protocols.

The Role of AI in Enhancing Security

As the threat landscape evolves, so do the solutions aimed at countering these threats. Julius Serenas, founder of NeurochainAI, believes that artificial intelligence (AI) can play a pivotal role in improving security.

"AI does not sleep, does not eat and can learn new threat tactics with ease," Serenas says, suggesting that blockchain projects could employ AI solutions to analyze and provide a security index of a particular project before the user confirms any transaction.

This proactive approach could significantly reduce the risk of fraud and unauthorized access. Furthermore, AI can help bridge the gap between complex blockchain technologies and everyday users. By simplifying the user experience and enhancing the clarity of transactions, AI can make it easier for individuals to understand and securely interact with DeFi protocols.

This reduction in complexity is crucial in minimizing "blind signing" of transactions, where users approve operations without fully understanding their implications.
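
To make "blind signing" concrete, here is an added example (not from the article or any project it names) of the kind of check a wallet can run before the user confirms: it decodes raw token calldata into a readable summary and flags unlimited approvals. The four selectors are the standard ERC-20/ERC-721 ones; the function names, the sample address and the sample calldata are constructed for illustration.

```python
# Added example: turn raw token calldata into a readable summary before signing.
MAX_UINT256 = 2**256 - 1

# Standard 4-byte selectors -> (function name, argument kinds)
KNOWN_CALLS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}

def _decode_word(kind, word):
    """Decode one 32-byte ABI word (64 hex characters)."""
    if kind == "address":
        return "0x" + word[24:]          # address is the low 20 bytes
    value = int(word, 16)
    return bool(value) if kind == "bool" else value

def describe_calldata(calldata_hex):
    """Return (summary, warnings) for a hex calldata string."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        bytes.fromhex(data)
    except ValueError:
        return "invalid hex", ["cannot decode: not valid hex calldata"]
    selector, body = data[:8], data[8:]
    if selector not in KNOWN_CALLS:
        return "unknown call 0x" + selector, ["cannot decode: signing this would be blind signing"]
    name, kinds = KNOWN_CALLS[selector]
    if len(body) != 64 * len(kinds):
        return name, ["malformed arguments: expected %d words" % len(kinds)]
    args = [_decode_word(k, body[i * 64:(i + 1) * 64]) for i, k in enumerate(kinds)]
    warnings = []
    if name == "approve" and args[1] == MAX_UINT256:
        warnings.append("unlimited allowance granted to " + args[0])
    if name == "setApprovalForAll" and args[1]:
        warnings.append("operator " + args[0] + " can move every token in this collection")
    return "%s(%s)" % (name, ", ".join(str(a) for a in args)), warnings

# Constructed sample: approve(<spender>, 2**256 - 1), i.e. an unlimited allowance
SPENDER_WORD = "00" * 12 + "ab" * 20
SAMPLE_APPROVE = "0x095ea7b3" + SPENDER_WORD + "f" * 64

if __name__ == "__main__":
    print(describe_calldata(SAMPLE_APPROVE))
```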