In 2023, losses caused by crypto hacking incidents amounted to over $300 million, with the Lazarus Group being identified as the hacker organization responsible. This group, believed to have connections to North Korea, accounted for approximately 17.6% of the total losses recorded during that year.
As per a report from Fortune Magazine, although there has been a decrease in major crypto hacking incidents worldwide, North Korea has managed to retain its significant role as a key player in the realm of cybercrime.
Crypto Heists By Lazarus Group Exceed $1.9 Billion
The Lazarus Group is infamous for its involvement in major cyberattacks, including a notable 2014 attack on Sony Pictures, and has since become a prominent threat in the cryptocurrency industry.
Since then, they have redirected their efforts towards targeting crypto protocols, resulting in the successful theft of billions of dollars. One notable instance took place in March 2022, when they absconded with $600 million from the Ronin Network, a bridge utilized by the widely popular Web3 game, Axie Infinity.
According to the report, between 2021 and 2023, an estimated $1.9 billion has been stolen from numerous cryptocurrency projects, with the Ronin Network hack being the most significant breach. In 2023, Lazarus Group carried out a total of five successful attacks, with one notable incident being the theft of $70 million from the Hong Kong-based cryptocurrency exchange, CoinEx, in September.
Blockchain analytics firm, Elliptic, uncovered that a portion of the pilfered funds were routed through a cryptocurrency wallet address previously linked to Lazarus, indicating its utilization for money laundering endeavors.
Sharp Decline: Digital Asset Hacks Decrease By Over 50%
Despite the concerning data, 2023 has experienced a reduction in the overall monetary losses from digital asset hacks compared to prior years. As reported by TRM Labs, a blockchain analytics firm, the total amount of stolen funds has decreased by over 50%, while the number of attacks has remained relatively constant.
This decline can be attributed to the implementation of enhanced cybersecurity measures within the industry and the increased attention from law enforcement agencies. Additionally, the decrease in prices may have diminished the profitability of such hacking endeavors.
However, despite the overall decline, the Lazarus Group remains a significant threat. In 2023, they altered their strategy and started focusing on targeting centralized finance (CeFi) platforms such as CoinEx, rather than decentralized protocols. They also targeted users of the noncustodial crypto wallet Atomic and the online casino and betting platform Stake.com.
US Treasury Takes Aim At Crypto Exploits
Law enforcement agencies have been proactive in combating these illicit activities by tracing stolen funds and disrupting services known as crypto mixers. These mixers enable the combining and distribution of digital assets, thereby making tracking and investigation more complex.
According to Bitcoinist, the US Treasury Department imposed sanctions on Tornado Cash, a well-known mixing service, in August 2022. In September 2023, two of its founders were indicted on charges of money laundering. In November, the US Treasury Department also imposed sanctions on Sinbad.io, another mixing service that is frequently utilized by the Lazarus Group.
In order to further tackle digital exploits, the Treasury Department intends to broaden its supervisory authority over the sector. Deputy Secretary Wally Adeyemo proposed stricter know your customer (KYC) standards for decentralized platforms such as mixers and wallet providers during a crypto industry policy summit in late November.
Overall, while efforts to mitigate cyber threats in the crypto industry are ongoing, the persistence and evolving tactics of groups like Lazarus highlight the need for continued vigilance and proactive measures to safeguard the ecosystem.
Strengthening cybersecurity practices, enhancing regulatory oversight, and fostering international cooperation will play crucial roles in combating cryptocurrency-related cybercrime.