Despite ramping up their efforts and expanding their target range, hacking groups linked to North Korea, such as Kimsuky and Lazarus Group, saw the value of the crypto they stole decrease.
In 2022, North Korea-linked exploits resulted in the theft of approximately $1.7 billion in crypto across 15 hacking incidents. However, in 2023, Chainalysis estimates that these hacking groups stole around $1 billion worth of crypto from 20 hacks, indicating a decline in the value of their illicit gains despite an increase in exploits.
Erin Plante, Chainalysis' vice president of investigations, anticipates that North Korea-linked hacks will be more advanced and wide-ranging. With enhanced security measures in decentralized finance (DeFi) protocols making it more challenging to steal crypto, North Korean hackers shifted their focus to centralized services and wallets.
Phishing and social engineering emerged as preferred attack vectors for DPRK-linked hackers in 2023, highlighting the need for employee education and awareness. Plante emphasizes the importance of robust cybersecurity strategies, including vigilant employees and up-to-date technical defenses.
Plante also noted that DPRK-linked hackers exhibited a tendency to spend more time within networks, underscoring the need for heightened network monitoring and security. DeFi protocols susceptible to on-chain failures are advised to implement systems for monitoring on-chain activities, while platforms vulnerable to off-chain risks should reduce their reliance on centralized products and services.