
North Korean Hackers Stole $400M in 2021, Mostly in Ether

For the first time, DeFi mixers were the biggest money-laundering tool for North Korean hackers.

Updated May 11, 2023, 3:41 p.m. Published Jan 14, 2022, 11:59 a.m.
Credit: Shutterstock

North Korean hackers stole almost $400 million worth of digital assets from crypto platforms last year, mostly in the form of ether, according to a Chainalysis report published on Thursday.

  • For the first time, ether accounted for most – 58% – of the stolen funds, according to the report. It was followed by altcoins and ERC-20 tokens, with bitcoin at just 20% of the total, Chainalysis said.
  • The increased variety of tokens has led the hackers to step up their efforts to launder their spoils, the report said. The typical process now involves several steps of swapping one cryptocurrency for another on decentralized exchanges and using decentralized finance (DeFi) mixers, which are privacy tools for obscuring the history of the transactions, to conceal their tracks, according to Chainalysis.
  • Mixers were the most used tool among North Korean hackers for the first time, accounting for over 65% of stolen funds, up from 42% in 2020 and 21% the year before, Chainalysis said. In 2017 and 2019, crypto exchanges were the most popular way of laundering money.
  • About $170 million of stolen funds from 49 exploits dating back to 2017 have yet to be laundered, the report said.
  • The number of North Korea-attributed attacks grew from four to seven, and the funds stolen grew by 40%, the highest since 2018, according to the report. The victims were mostly investment firms and centralized exchanges.
  • Chainalysis said that many of last year's attacks were likely carried out by a group labeled as advanced persistent threat 38 (APT38), also known as Lazarus Group. The group is believed to be led by Pyongyang’s primary intelligence agency, the Reconnaissance General Bureau.

Read more: DOJ Charges 3 North Korean Hackers With Stealing $100M+ From Crypto Firms
