North Korean hackers are laundering stolen funds through Russian exchanges, Chainalysis says

Quick Take

  • North Korean hackers are turning to Russian cryptocurrency exchanges to launder stolen funds, according to a report from Chainalysis.
  • The finding points to an alliance between North Korean and Russian cybercriminals.

North Korean hacking groups are increasingly using Russian cryptocurrency exchanges to launder stolen funds, according to Chainalysis. 

The onchain analytics firm stated that North Korean hackers recently transferred over $21 million in cryptocurrency, stolen in last year's Horizon bridge hack, to a Russian exchange known for facilitating illicit financial flows.

"This latest action marks a significant escalation in the partnership between the cyber underworlds of these two nations," Chainalysis said in a blog post this month.

The post claimed North Korean hackers have been using Russian exchanges for money laundering purposes since 2021. It said the development is a challenge for international authorities, "given Russia's uncooperative attitude towards international law enforcement."

North Korean hackers less prolific in 2023

Chainalysis said that North Korean hacking groups have been less prolific in 2023 compared to last year, emphasizing that 2022 was a year when North Korean hackers netted "catastrophically high figures." They've stolen around $340.4 million in cryptocurrency so far this year, compared to the over $1.7 billion reported stolen in 2022. 

"While North Korea-linked hackers are on pace to steal much less cryptocurrency than they did last year, it's important to acknowledge that the catastrophically high figures from 2022 created an unusually high bar to surpass," Chainalysis said.

Chainalysis estimates that North Korean groups have stolen a total of $3.54 billion in cryptocurrency since 2016. "DPRK continues to be an incubator for hacking activities and remains one of the largest active threats in the cybercrime landscape," it added.

The Lazarus Group, North Korea's most notorious cybercriminals, allegedly executed a significant attack on the CoinEx cryptocurrency exchange last Thursday, draining at least $55 million worth of crypto assets. According to blockchain security firm SlowMist and onchain investigator ZachXBT, the hacker group was identified when it accidentally revealed its address, which matched the one used in recent hacks involving Stake and Optimism.

UN report warns of North Korean hackers

The developments occur as independent monitors, who report to the United Nations Security Council, have sounded the alarm about North Korea's use of cyber theft to evade sanctions and finance its nuclear ambitions.

In early August, Reuters reported that an unpublished United Nations study cited cryptocurrency theft as a method North Korea is using to evade sanctions and continue its nuclear weapons development. Reportedly, a forthcoming UN document warns of "state-sponsored" North Korean hacking groups targeting cryptocurrency and financial exchanges worldwide.

According to Reuters, monitors stated in a UN Security Council committee report that "the DPRK continued to access the international financial system and also engaged in illicit financial operations and companies in the cryptocurrency, defense, energy and health sectors were targeted in particular."


© 2023 The Block. All Rights Reserved.