The latest report from Chainalysis, a blockchain data analysis organization, shows that in 2022 DeFi has become the main target of two major criminal activities: money laundering and hacking.
According to the agency's data, $1.7 billion worth of crypto assets has been stolen in 2022, 97% of it from DeFi protocols, mainly in two shocking thefts: at the end of March, the Ronin cross-chain bridge was attacked and crypto assets worth 600 million US dollars were stolen; in February, the cross-chain protocol Wormhole was attacked and 320 million US dollars was stolen. The report outlines that more than $840 million in stolen funds has flowed to North Korea-linked hackers in 2022.
In addition to hacking attacks, money laundering through DeFi has also continued to grow in the past few years, with DeFi protocols absorbing 69% of crypto assets related to criminal activities. Chainalysis cites the example of the notorious North Korea-linked hacking group Lazarus Group, which laundered $91 million worth of crypto assets through multiple protocols last year, exchanging the stolen crypto assets for ETH and BTC and then transferring them to centralized exchanges to cash out.
Chainalysis believes that most DeFi protocols have the function of "allowing users to exchange one token for another", but it is difficult to track the movement of assets on these protocols, and most DeFi projects lack KYC requirements, which makes them more attractive to criminals.
North Korean hackers siphon $840 million from DeFi
On May 12, Chainalysis, a blockchain data analysis agency, concluded in the preview blog of the report "Theft, Money Laundering, and NFT Market Manipulation Highlights the Importance of Security and Compliance in Web3" that DeFi protocols are the preferred target for hacker attacks.
DeFi (Decentralized Finance) generally refers to decentralized financial protocols built on a blockchain network, which aim to use the blockchain's value-transfer function and transparency to rebuild the scenarios and applications of traditional financial services such as banks, money funds, and financial products and services. A large number of crypto assets are stored and circulated in these protocols.
Chainalysis pointed out that since the beginning of 2020, DeFi protocols have accounted for a growing share of the funds stolen from all cryptocurrency platforms, and accounted for the vast majority of funds stolen in 2021. As of May 1, DeFi protocols accounted for 97% of the $1.68 billion in crypto assets stolen in 2022.
In particular, with the two DeFi-related hacks targeting Ronin Bridge and Wormhole Network, the value of stolen crypto assets reached an all-time high in the first quarter of 2022.
To make matters worse, most of the crypto assets stolen from DeFi protocols have flowed to North Korea-related hacking organizations, "especially in 2022." Chainalysis lists data indicating that, entering 2022, the amount of crypto assets stolen by North Korean hackers reached its largest annual total to date, over $840 million, and came entirely from hacks of DeFi protocols (North Korean hackers may also be responsible for other hacks of DeFi protocols and centralized services).
In March of this year, after the cross-chain bridge of the Ethereum side chain Ronin was hacked and lost 625 million US dollars, the FBI said in a statement that, through its investigation, it was able to "confirm" that the hacker groups Lazarus Group and APT38 were responsible for the theft. It said it will work with the Treasury Department and other U.S. government partners to continue to expose and combat North Korea's use of illegal activities, including cybercrime and crypto asset theft.
Lazarus Group and APT38, both North Korean hacking groups accused of multiple crypto-asset-based hacks, reportedly managed to siphon $571 million in crypto assets in 2017. In April, the U.S. Treasury Department added Ethereum addresses associated with the Lazarus Group to its sanctions list, Bloomberg reported.
Money laundering using DeFi is on the rise
"Money laundering is another serious problem," Chainalysis said in a preview blog of the report. In the past two years, DeFi has accounted for an increasing proportion of the total funds sent from illegal addresses to crypto asset service institutions, and in 2022 DeFi protocols have become the largest recipients of illicit funds, accounting for 69% of all funds sent to addresses related to criminal activity, compared to just 19% for all of 2021.
Chainalysis analyzed the reason: DeFi protocols allow users to trade "one cryptocurrency for another cryptocurrency", which may make it more complicated to track the flow of funds, and unlike centralized services, many DeFi protocols do not collect any KYC information from users, which makes them more attractive to criminals.
In its data tracking and research on money laundering, Chainalysis also came across North Korean hackers.
The agency cited a 2021 case, saying that the then-notorious Lazarus Group used several DeFi protocols to launder money after stealing more than $91 million worth of crypto assets from a centralized exchange.
Chainalysis pointed out that the hackers initially stole various ERC-20 tokens, then used various DeFi protocols to exchange these tokens for Ethereum (ETH); the hackers then sent the ETH to a mixer, and afterwards used DeFi protocols to exchange it again, this time for Bitcoin (BTC), before transferring the BTC to several centralized exchanges to cash out. "This is just one example of how hackers are abusing DeFi protocols for money laundering."
Judging from the overall data given by Chainalysis, in the past three years illegal activities have become a less prominent part of the entire crypto asset ecosystem, but DeFi seems to be experiencing the same growing pains as the crypto asset field did in its early days: illicit activity in the DeFi market has increased. In a blog post, the agency pointed out that these illegal activities demonstrate the importance of security and compliance in the development of Web3, so that users "can confidently adopt the technology and keep the industry moving."