Cyber criminals from North Korea managed to pocket a total of $395 million worth of crypto last year through seven hacks at cryptocurrency exchanges and investment firms, according to blockchain analytics firm Chainalysis.
The sum represents an increase of almost 100 million dollars compared to the robberies of the previous year by North Korean cybercriminal groups, and brings their total loot over the last five years to $1.5 billion in cryptocurrencies alone, not including the hundreds of millions more they managed to steal from the traditional financial system.
The findings show that North Korea’s global serial thefts accelerated even amid an attempted police crackdown; the US Department of Justice, for example, indicted three North Koreans in absentia in February last year, accusing them of stealing at least $121 million from cryptocurrency businesses along with a host of other financial crimes.
Charges were also filed against a Canadian man who had allegedly helped launder the funds. But those efforts did not stop the hemorrhage of crypto wealth.
Chainalysis’s numbers are based on exchange rates at the time the money was stolen, so they do not merely reflect an appreciation in the value of the cryptocurrency.
While Chainalysis declined to identify most of the victims of the hacker thefts it tracked last year, its report blames North Korean hackers for the theft of around $97 million in crypto assets from Japanese exchange Liquid.com in August, including $45 million worth of Ethereum.
Russia dismantled REvil
Meanwhile, Russia’s Federal Security Service (FSB) on Friday arrested hackers from the Russian group REvil, one of the world’s most prolific cybercriminal gangs, and declared it dismantled. By the end of 2020, the group had hacked into the Argentina.gob.ar site.
“Thanks to the joint actions of the FSB and the Russian Interior Ministry, the organized criminal group ceased to exist,” the entity reported, quoted by the Russian agency Interfax, noting that the agents “neutralized the computer infrastructure used for criminal purposes.”
According to the FSB, the United States, which asked Russia to act against the hackers, was informed of “the results of the operation” that neutralized the group, responsible for cyberattacks against US companies.
“The FSB identified the members of the criminal group REvil, established their involvement in the illegal flow of payments and documented the illegal actions,” the FSB said.
The Russian operation led to the arrest of 14 members of the network, who were charged with “illegal use of means of payment”, a crime defined in the Russian Penal Code.
A total of 426 million rubles (5.6 million dollars) was seized, along with $600,000, €500,000, computer equipment and twenty luxury cars.
Last November, the US government imposed sanctions on a Russian and a Ukrainian, whom it accused of being behind cyberattacks against US companies, and offered a $10 million reward for information leading to the arrest of those involved in this network of hackers.
Washington accused the group of being behind the 2021 cyberattacks against meat company JBS Foods and software firm Kaseya, which provides services to more than 40,000 organizations worldwide.
According to the US, the group used “ransomware” against new US companies, a type of program that can lock a computer from a remote location, hijacking its files and not releasing them until a ransom is paid.
Since 2019, several large international corporations have been victims of serious cyberattacks with this ransomware, which led France, Germany and Romania, coordinated by Europol and Eurojust, to strengthen their operations by creating a joint investigation team in May 2021.