North Korea-backed hackers stole $1.7bn (£1.4bn) of crypto in 2022, says blockchain analysis firm Chainalysis.
This nearly quadruples the country’s previous record for cryptocurrency theft – $429m in 2021.
The loot also made up 44% of the $3.8bn stolen in crypto hacks last year, which the firm called „the biggest year ever for crypto hacking”.
Experts have said the country, facing heavy sanctions, is turning to crypto theft to fund its nuclear arsenal.
North Korea has conducted six nuclear tests and analysts expect the seventh one this year, as the country accelerates its nuclear weapons program under leader Kim Jong-un. Last year, Pyongyang launched a record number of ballistic and other missiles. This is despite the country’s struggling economy.
„For context, North Korea’s total exports in 2020 totaled $142m worth of goods, so it isn’t a stretch to say that cryptocurrency hacking is a sizable chunk of the nation’s economy,” Chainalysis said in a report on Wednesday.
These hackers typically launder crypto through „mixers”, which blend cryptocurrencies from various users to obfuscate the origins of the funds, the firm said.
Other experts have also said that North Korea launders stolen crypto through brokers in China and non-fungible tokens (NFTs).
Last month, the FBI confirmed that North Korea-affiliated Lazarus Group was responsible for a $100m crypto heist on a blockchain network called Horizon bridge last year.
Overall, decentralized finance protocols, or DeFi, accounted for over 82% of cryptocurrency stolen in 2022, Chainalysis’ report said.
DeFi users know what will happen to their funds when they use them because smart contract codes governing these protocols are publicly accessible by default.
But this transparency also makes DeFi particularly attractive to hackers, who can scan the codes for vulnerabilities and „strike at the perfect time” to maximize their loot, according to the report.
David Schwed, chief operating officer at blockchain security firm Halborn, noted that DeFi developers „prioritize growth over all else”, and funds that could be used to enhance security are often directed instead to rewards, in order to attract users.
DeFi developers can take a leaf from traditional financial institutions in making their platforms more secure, Mr Schwed said.
For instance, they can simulate different hacking scenarios to test their protocols or design mechanisms to pause or halt transactions when suspicious activity is detected.
„You don’t need to move as slow as a bank, but you can borrow from what banks do,” he said.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.