North Korea’s “$600 Million Crypto Heist”: Deep Dive into 2023’s Cyberattacks

Why Trust Techopedia Crypto

In a landmark report from Certik, it is alleged that $600m was lost to North Korea's Lazarus Group in 2023's cyberattacks. We explore how.

In a year marked by significant cybersecurity incidents, North Korea (DPRK) has emerged as a formidable player in the realm of digital theft through the operations of the highly sophisticated Lazarus group.

Accused of a staggering $600 million stolen in cryptocurrency hacks in 2023 (according to Certik), the Democratic People’s Republic of Korea (DPRK) is at the forefront of a new wave of high-stakes cybercrime.

The DPRK’s alleged involvement in cryptocurrency theft has been steadily increasing, with almost a third of all funds stolen in crypto attacks last year attributed to North Korean hackers. 

Key Takeaways

  • North Korea plays a ‘significant role’ in global cryptocurrency hacks, allegedly raking in $600M in 2023.
  • The Lazarus Group is accused of executing increasingly sophisticated high-value crypto hacks on behalf of the DPRK.
  • Despite the huge losses, crypto hacks were less in 2023 than in previous years.

The $600 million marks a slight reduction from the $850 million haul in 2022 but still represents a significant threat, with attacks traced to North Korea being ten times more costly than those not linked to the nation.

Overall, in the past two years, reports claim that more than 1.5Bn dollars have been stolen by the DPRK, with other reports citing as much as $2bn in stolen crypto assets.

The Lazarus Group’s Prominent Role: Methodology and Impact of DPRK’s Hacks

North Korean hackers primarily target private keys and seed phrases, critical security components of digital wallets. Upon gaining access, they transfer assets to wallets under their control. 


The funds are usually swapped for stablecoins like USDT or Tron and converted to hard currency using high-volume over-the-counter (OTC) brokers. 

READ MORE: 10 Biggest Crypto Heists of All Time – How Much Money Was Stolen?

Yet, the sophistication of these operations and the continuous evolution of money laundering methods to evade international law enforcement make these hacks particularly alarming.

The Lazarus Group, linked to North Korea, has been responsible for over $300 million worth of crypto losses in 2023, making up nearly 20% of the year’s total. 

Known for its involvement in significant cyberattacks over the past decade, the Lazarus Group has shifted its focus to centralized finance platforms, diverging from its previous targets in the decentralized space.

2023 Hacks Still Saw a Notable Decline In Crypto Losses

Certik - 2023 Hacks
Certik: Crypto Hack Losses By Chain in 2023

Despite the substantial losses, 2023 saw a decline in the total amount stolen due to improved cybersecurity measures within the crypto industry and heightened law enforcement focus. 

However, the Lazarus Group’s pivot to centralized finance platforms and their continued targeting of vulnerable entities suggests that the threat is far from over.

The international community has responded with increased scrutiny and regulatory actions. For instance, the U.S. Treasury Department has sanctioned popular crypto mixers used by the Lazarus Group for money laundering. 

America’s proposal to expand supervisory powers over the crypto sector by the U.S. Treasury’s Deputy Secretary signifies a growing understanding of the need for more robust regulatory frameworks in response to these threats.

A notable incident in 2023 was the $70 million theft from the Hong Kong-based crypto exchange CoinEx. 

Blockchain research firm Elliptic identified links between the stolen funds and wallet addresses previously used by the Lazarus Group. 

This incident highlights the continued reliance of North Korean hackers on sophisticated methods and blockchain bridges for fund transfers and laundering.

The Bottom Line: Vigilance and Innovation Needed

As the crypto industry grapples with the reality of sophisticated state-sponsored hacking operations, the need for continuous vigilance and innovation in cybersecurity is more pressing than ever. 

With North Korea’s hacking capabilities proving formidable, businesses and governments must collaborate more closely to track, prevent, and recover stolen funds. 

The year 2024 will likely bring further challenges, making it imperative for the crypto world to stay ahead of these evolving threats.


Related Reading

Related Terms

Sam Cooling
Crypto & Blockchain Writer
Sam Cooling
Crypto & Blockchain Writer

Sam Cooling is a crypto, financial, and business journalist based in London. Along with Techopedia, his work has been published in Yahoo Finance, Coin Rivet, and other leading publications in the financial space. His interest in cryptocurrency is driven by a passion for leveraging decentralized blockchain technologies to empower marginalized communities worldwide. This includes enhancing financial transparency, providing banking services to the unbanked, and improving agricultural supply chains. Sam has a Master’s Degree in Development Management from the London School of Economics and has worked as a Junior Research Fellow for the UK Defence Academy.