Author: Dr. Angelika Hellweger
21 June 2023
Angelika Hellweger of financial crime specialists Rahman Ravelli details the latest crypto theft accusations made against North Korea.
The theft of at least $35 million from a popular cryptocurrency service is being blamed on North Korean hackers.
A number of crypto-tracking experts have pointed an accusing finger at hackers from North Korea over the emptying of a number of customer accounts at Estonia-based Atomic Wallet. The incident is being viewed as the latest in a number of attacks on cryptocurrency firms which officials in the United States believe are being carried out to help fund North Korea’s nuclear and ballistic weapons programmes.
In the latest attack, hackers targeted some of the estimated five million users of Atomic Wallet software. The company has since said that less than 1% of its users appeared to have been affected by the hack. But it has not given a precise figure for the amount that was taken. Some of those who say they were victims have gone on to Twitter to beg the hackers to return their money.
North Korean hackers have been accused of stealing assets worth billions of dollars from banks and crypto firms in recent years. The tactics used in the attack on Atomic Wallet are said to have matched previous hacks that have been blamed on North Korea.
Tackling North Korean hacking and money laundering has become a high-priority national security issue for the current US administration. The US government has alleged that approximately half of North Korea’s missile programme has been funded by cyberattacks and cryptocurrency theft.
North Korea, also known as the Democratic People’s Republic of Korea (DPRK), is believed to have trained hackers to impersonate employees and tech workers in order to exploit security vulnerabilities and take cryptocurrency worth billions. Such attacks began five years ago and have continued to increase in frequency. Last year alone saw more than 40 successful attacks reported. The increasing number of crypto thefts has coincided with a rise in missile testing by North Korea.
The Atomic Wallet attack appears to have been carried out by Lazarus Group. This is a cybercrime group made up of an unknown number of individuals which is run by the government of North Korea and uses a crypto blender (called Sinbad) to launder the proceeds of its hacking. Last year saw the US sanction the crypto blenders known as Blender and Tornado Cash, which were two of the top crypto mixers known to be helping North Korea launder hundreds of millions of stolen funds. Sinbad emerged a few months after the US targeted these two former blenders with sanctions.
While crypto blenders are legitimate tools, they can also be used for illegal activity. They allow users to deposit digital assets that go into a pool. Users can then withdraw assets of the same value that they deposited, with those assets sent to new addresses that are difficult to either track or link to the depositor.
Angelika is a specialist in international, high-level economic crime investigations and large-scale commercial disputes. She has widely-recognised expertise in representing corporates and conglomerates in Europe, the Middle East, Africa and the United States.