May 21, 2024
By Anjali Kochhar
A confidential United Nations report obtained by Reuters has shown that North Korea’s cybercriminal cell, the Lazarus cell, transferred $147.5 million in stolen bitcoin back to the country last year. In March 2023, these hackers illegally seized cash from HTX, a cryptocurrency exchange owned by TRON founder Justin Sun. By March 2024, the stolen assets had been channelled into North Korea via the sanctioned cryptocurrency mixer Tornado Cash.
According to the report, submitted last week, monitors informed a United Nations Security Council (UNSC) sanctions committee of their investigation into 97 suspected North Korean cyberattacks on cryptocurrency firms from 2017 to 2024, totalling approximately $3.6 billion in stolen assets. Based on data from U.N. member states and private companies, the monitors also highlighted that North Korean IT workers abroad are generating substantial income for their country.
The report also included a probe into a February 6 New York Times report claiming that Russia had released $9 million of the $30 million in frozen North Korean assets. Russia also reportedly allowed North Korea to create an account with a Russian bank in South Ossetia, giving it more access to international banking networks.
The Lazarus Group and other North Korean hackers are behind some of the most profitable hacks in the crypto and DeFi sectors, frequently using Tornado Cash as their preferred tumbler. In 2022, the US sanctioned Tornado Cash for aiding North Korea, and in 2023, two of its co-founders were charged with facilitating over $1 billion in money laundering, including for North Korean cybercrime groups.
Earlier UNSC reports indicate that North Korea sourced 50% of its foreign exchange earnings from cyberattacks. Despite a downturn in the crypto market, North Korean hackers hit a record number of cryptocurrency platforms in 2023, stealing over $1 billion. This included $429 million from DeFi platforms and substantial amounts from centralized services, exchanges, and wallet providers.
The revelations underscore the ongoing threat posed by North Korea’s cyber operations and the challenges in mitigating their global impact.
About the author
Anjali Kochhar covers cryptocurrency stories in India as well as globally. Having been in the field of media and journalism for over three years now, she has developed a sharp news sense and works hard to present information that goes beyond the obvious. She is an avid reader and loves writing on a wide range of subjects.