North Korea-backed threat actors hacked more crypto platforms than ever in 2023 but stole less of the digital currency in total than in 2022.
Crypto research firm Chainalysis has found that North Korean adversaries stole slightly over $1.0bn in 2023, compared with around $1.7bn in 2022.
The 2022 spike, which set a record of stolen cryptocurrencies from North Korean-aligned threat actors, was primarily due to a prolific heist on decentralized finance (DeFi) products. That year, North Korean hackers stole approximately $1.19bn in DeFi assets, representing 70% of all crypto gains.
Global Drop in DeFi Hacking
In 2023, the global DeFi boon has waned and North Korean hackers gained significantly less from targeting DeFi protocols.
Chainalysis researchers explained that the reason for this new trend is likely twofold. First, DeFi protocol developers and maintainers have improved their operation security (OpSec).
“When examining this trend last year, security experts told us that they believe many DeFi vulnerabilities stemmed from protocol operators focusing primarily on growth, and not enough on implementing and maintaining robust security systems,” reads the Chainalysis report.
The second reason is the value drop in DeFi assets in 2023, which impacted the gains from DeFi hacking globally.
The global value lost in DeFi hacks declined by 63.7% year-over-year in 2023, and the median loss per DeFi hack dropped by 7.4%. And, while the number of individual crypto hacks rose in 2023, the number of DeFi hacks declined by 17.2%.
This trend is mirrored when examining DeFi hacks coming from North Korean groups, who stole $428.8m from DeFi platforms in 2023, from $1.19bn in 2022.
North Korean Hackers Diversified Their Crypto Targets
To compensate for this loss of income, North Korean hackers diversified their attacks in 2023, adding centralized crypto platforms and crypto wallets (e.g. Atomic Wallet, Alphapo and Coinspaid) to their victim portfolio.