DeFi protocols accounted for 82.1% of all stolen cryptocurrencies by hackers -a total of 3,100 million dollars-, up from 73.3% in 2021. And of that $3.1bn, 64% came specifically from cross-chain bridging protocols, that allow users to port their cryptocurrencies from one blockchain to another.
These bridges are a attractive target for hackers because smart contracts become huge centralized repositories of funds that back assets that have been transferred to the new chain. If a bridge grows large enough, any bugs in its underlying smart contract code or other potential weaknesses will almost certainly be found and exploited by criminals.
Many of the market busts last year were due to the lack of transparency in the actions and risk profiles of centralized companies of cryptocurrencies. But that same transparency is also what makes DeFi so vulnerable: Hackers can scan DeFi code for vulnerabilities and attack at the perfect time to maximize their theft.
On the other hand, North Korea-linked hackers, such as those from the Lazarus Group cybercrime syndicate, have been by far the most prolific cryptocurrency hackers in recent years. In 2022, they broke their own records, stealing an estimated $1.7 billion worth of crypto through various hacks.
Of that total, $1.1 billion was stolen in hacks of DeFi protocols, making North Korea one of the driving forces behind the DeFi hacking trend, which intensified in 2022.
How do they whiten it?
Hackers linked to North Korea tend to send much of what they steal to other DeFi protocols, not because these protocols are effective for money laundering – they are actually pretty bad for money laundering given their greater transparency compared to centralized services – but rather because DeFi hacks often result in cybercriminals acquire large amounts of illiquid tokens that are not listed on centralized exchanges. Therefore, hackers must turn to other DeFi protocols, typically DEXs, to exchange them for more liquid assets.
In addition to DeFi protocols, hackers linked to North Korea also they usually send large sums to the mixerswhich are usually the cornerstone of their money laundering process. For much of 2021 and 2022, hackers linked to North Korea used almost exclusively Tornado Cash to launder cryptocurrency stolen in hacks. This was for a time the largest mixer operatingand his unique technical attributes made the funds he mixed relatively difficult to track.
However, hackers adapted when Tornado Cash was sanctioned in August 2022. Although North Korea-linked hackers have continued to send some funds into Tornado Cash ever since, they diversified their use of mixers in the fourth quarter of 2022, shortly after the mixer’s designation.
This may be due to the fact that, Although still operational, Tornado Cash’s total transaction volume has fallen since its designation, and mixers generally become less effective when fewer people use them.. Since then, hackers they have resorted to another mixer, Sinbad, a relatively new custodial Bitcoin mixer that began advertising its services on the BitcoinTalk forum in October 2022. Chainalysis researchers first observed wallets belonging to North Korea-linked hackers sending funds to the service in December 2022.
Hackers bridge funds stolen from the Ethereum blockchain—including a portion of the funds stolen in the Axie Infinity hack—to Bitcoin, to then send that Bitcoin to Sinbad. During December 2022 and January 2023, hackers linked to North Korea have sent the mixer a total of 1,429.6 Bitcoin worth approximately $24.2 million.
Although North Korea-linked hackers are sophisticated and pose a significant threat to the cryptocurrency ecosystem, Chainalysis noted, the ability of security forces and national security agencies to counterattack is increasing. When all transactions are recorded in a public ledger, law enforcement always has a trail to follow, even years after the fact, which is invaluable as investigative techniques improve over time. Its growing capabilities, combined with efforts by agencies like OFAC to cut off hacker-preferred money-laundering services from the rest of the crypto ecosystem, means these hacks will become more difficult and less fruitful with each passing year.
Source: Ambito
