North Korean hackers stole less in 2023 despite more breaches — Chainalysis

Hacking groups linked to the Democratic People’s Republic of Korea (DPRK) stole less crypto despite ramping up their efforts and diversifying their targets in 2023, according to the latest report released by blockchain analytics firm Chainalysis.

In 2022, crypto lost from North Korea-linked exploits reached $1.7 billion through 15 hacking incidents. In 2023, Chainalysis estimated that the hacking groups stole about $1 billion worth of crypto from 20 hacks. This shows that despite having more exploits, the hackers could not surpass the value of their illicit gains in the previous year despite having more exploits. 


Erin Plante, the vice president of investigations at Chainalysis, expects that hacks linked to North Korea will continue to become more sophisticated and diverse. With their ill-gotten gains from decentralized finance (DeFi) protocols becoming less due to security improvements, Plante explained that North Korean hackers diversified and targeted centralized services and wallets. 


The executive further noted that in 2023, DPRK-linked hackers preferred phishing and social engineering. Plante described these attack vectors as “age-old” hacking tactics that can be prevented through employee education and awareness. Plante said: 

“General security practices are an important foundation for a strong cybersecurity strategy, and organizations should ensure that every employee is vigilant and up to speed with the technical aspect of cyber defenses.”

Plante also shared that they’ve noticed a pattern regarding DPRK-linked attacks. The executive said that the hackers tend to spend more time in the networks, highlighting the need for increased network monitoring and security. 

According to Plante, DeFi protocols that might be vulnerable to on-chain failures should employ systems that monitor on-chain activities. On the other hand, platforms vulnerable to off-chain risks must reduce their reliance on centralized products and services. 

Overall, the executive expects North Korean hackers to continue looking for opportunities to steal significant funds wherever they can. “Their ability to rapidly evolve, as doors are closed to them, continues to make them an advanced foe.”