Surge in North Korean Crypto Attacks: Record Number Of Hacks, Yet Lower Total Loot In 2023


The year 2023 witnessed an unprecedented surge in crypto platform hacks linked to North Korea, raising concerns and eyebrows within the cybersecurity community. In this comprehensive blog post, we delve into the details of this surge, exploring the tactics employed by North Korean hackers, the evolving crypto security environment, and the broader implications for the cryptocurrency ecosystem.

I. Record Number of Hacks, Yet Lower Total Loot

A. Statistical Overview

According to Chainalysis, a leading blockchain analysis firm, North Korean hackers executed a staggering 20 cyber attacks in 2023, setting a new record. Despite the high number of attacks, the total value of looted funds decreased by 40% compared to the previous year, dropping from $1.7 billion in 2022 to just over $1 billion in 2023.

B. Shifting Dynamics

The decline in stolen funds signals a significant shift in the landscape of digital asset theft. This section explores the reasons behind this shift, touching upon the changing tactics of North Korean hackers, the impact of enhanced security measures, and the influence of investor behavior.

II. North Korean Hackers Adapt Amid Declining Crypto Thefts

A. Cryptocurrency as a Target

Cryptocurrency has long been a lucrative target for North Korean hackers, often exploited to circumvent international sanctions. The decline in stolen funds aligns with a broader trend in the crypto security environment, particularly in decentralized finance (DeFi) protocols.

B. DeFi Protocol Trends

In 2023, theft from DeFi protocols fell 64%, to $1.1 billion from $3.1 billion the previous year. This decrease is attributed to heightened security measures and reduced overall activity in DeFi spaces. Insights from Erin Plante, Vice President of Investigations at Chainalysis, shed light on the evolving tactics of these hackers.

C. Adapting Strategies

As crypto platforms enhance security measures, North Korean hackers adapt by adopting more diverse and sophisticated strategies. Insights from cybersecurity experts, including Joe Dobson of Mandiant, highlight that these criminals continuously study the evolving landscape and are able to exploit new advancements maliciously.

D. Influence of Investor Behavior

Allan Liska, a senior intelligence analyst at Recorded Future Inc., suggests that investor behavior may have played a role in the decrease of stolen amounts. The fallout from high-profile events, such as the FTX collapse, may have prompted investors to spread their assets across various platforms, reducing the pool of funds available for theft.

III. Evading Sanctions: North Korea’s Persistent Cyber Threat To Crypto

A. Impact of DPRK-Linked Hacks

A report from TRM Labs emphasizes that DPRK-linked hacks have been ten times more damaging than those unlinked to North Korea. Since 2017, over $3 billion in cryptocurrency has been lost to Pyongyang’s operatives.

B. Targeting Digital Wallet Vulnerabilities

The report details how hackers primarily target digital wallet vulnerabilities, transferring stolen funds to controlled addresses and converting them into hard currency through high-volume brokers.

C. Adaptability in Money Laundering

North Korea’s adaptability in money laundering methods under international scrutiny is noteworthy. This section explores the evolution of their tactics, including the shift from platforms like Tornado Cash and ChipMixer to the mixer Sinbad.

D. Exploring Alternative Laundering Tools

Although Sinbad was sanctioned by the Office of Foreign Assets Control (OFAC) in November 2023, North Korea continues to explore alternative laundering tools, emphasizing the persistent and evolving nature of this threat to the crypto ecosystem.

IV. Conclusion

Summarizing the insights gathered, the surge in North Korean crypto attacks in 2023 reflects a dynamic landscape where hackers adapt to changing conditions. Enhanced security measures, decreased DeFi activity, and shifts in investor behavior contribute to a decline in stolen funds, showcasing the resilience of the crypto community. However, the persistent threat from North Korea underscores the need for continuous vigilance and proactive measures to safeguard the cryptocurrency ecosystem.


Q1. How many cyber attacks were linked to North Korea in 2023?

A1. According to Chainalysis, there were a total of 20 cyber attacks linked to North Korea in 2023.

Q2. What was the total value of looted funds in 2023?

A2. The total value of looted funds in 2023 was just over $1 billion, representing a 40% drop from the $1.7 billion stolen in 2022.

Q3. What factors contributed to the decline in stolen funds?

A3. The decline in stolen funds can be attributed to enhanced security measures, decreased activity in DeFi protocols, and changes in investor behavior.

Q4. How do North Korean hackers adapt to changing security measures?

A4. North Korean hackers adapt to changing security measures by employing diverse and sophisticated strategies, as highlighted by cybersecurity experts.


In summary, the surge in North Korean crypto attacks in 2023 reflects a complex interplay of factors, including evolving hacker tactics, enhanced security measures, and changes in investor behavior. While the total value of looted funds decreased, the persistent threat from North Korea emphasizes the need for continuous vigilance within the cryptocurrency community.
