DeFi Becomes North Korean Hackers' 'ATM', With More Than $840 Million Stolen This Year – CoinDesk


Chainalysis data shows that $1.7 billion worth of crypto assets has been stolen in 2022, of which 97% came from DeFi protocols, mainly from two shocking thefts: at the end of March, the Ronin cross-chain bridge was attacked and crypto assets worth 600 million U.S. dollars were stolen; in February, the cross-chain protocol Wormhole was attacked and $320 million was stolen. The report outlines that in 2022, more than $840 million in stolen funds went to North Korea-linked hacking groups.

In addition to hacking, money laundering through DeFi has continued to grow over the past few years, with DeFi protocols absorbing 69% of crypto assets associated with criminal activity. Chainalysis cites the Lazarus Group, a notorious North Korea-linked hacking group that laundered $91 million worth of crypto assets through various protocols last year, exchanging the stolen crypto assets for ETH and BTC, which were then transferred to centralized exchanges to cash out.

Chainalysis believes that several characteristics make DeFi protocols more attractive to criminals: most have a feature that “allows users to exchange one token for another”, asset movements on these protocols are difficult to track, and most DeFi projects lack KYC requirements.

North Korean hackers siphon $840 million from DeFi

On May 12, the blockchain data analysis agency Chainalysis concluded in the report “Theft, Money Laundering and NFT Market Manipulation Highlight the Importance of Security and Compliance in Web3” that DeFi protocols are the preferred targets of hacking attacks.


DeFi (Decentralized Finance) generally refers to decentralized financial protocols built on a blockchain network, which aim to use the value-transfer function and transparency of the blockchain to rebuild traditional financial service scenarios and applications such as banks, currency funds, and financial products and services. A large number of crypto assets are stored and circulated in these protocols.

DeFi protocols have seen a growing share of all funds stolen from cryptocurrency platforms since the beginning of 2020, and lost the vast majority of stolen funds in 2021, Chainalysis noted. DeFi protocols account for 97% of the $1.68 billion in crypto assets stolen in 2022 as of May 1.

Driven especially by the two DeFi-related hacks targeting Ronin Bridge and Wormhole Network, the value of stolen crypto assets reached an all-time high in the first quarter of 2022.

To make matters worse, most of the crypto assets stolen from DeFi protocols go to North Korea-linked hacking groups, “especially in 2022.” Chainalysis data shows that in 2022, crypto asset theft by North Korean hackers hit its highest year-to-date amount, more than $840 million, and that figure is based solely on hacks of DeFi protocols (North Korean hackers could also be responsible for other hacks of DeFi protocols and centralized cryptocurrency services).

After the cross-chain bridge of the Ethereum sidechain Ronin was compromised by hackers in March, losing $625 million, the FBI said in a statement that its investigation was able to “confirm” that the hacking groups Lazarus Group and APT38 were responsible for the theft of the crypto assets, and said it will work with the Treasury Department and other U.S. government partners to continue to expose and combat North Korea’s use of illegal activities, including cybercrime and crypto asset theft.

Lazarus Group and APT38, both North Korean hacking groups accused of multiple crypto-asset-based hacks, reportedly managed to siphon off $571 million in crypto assets in 2017. In April, the U.S. Treasury Department added Ethereum addresses linked to Lazarus Group to its sanctions list, according to Bloomberg.

Money laundering using DeFi on the rise

“Money laundering is another serious problem,” Chainalysis said in the report. In the past two years, DeFi has accounted for an increasing proportion of the total funds sent from illegal addresses to crypto asset service institutions. In 2022, DeFi protocols have become the largest recipient of illicit funds, accounting for 69% of all funds sent from addresses associated with criminal activity, compared to just 19% for all of 2021.


Chainalysis analyzes why: DeFi protocols allow users to trade “one cryptocurrency for another,” which could complicate tracking the flow of money. Unlike centralized services, many DeFi protocols also don’t need to collect KYC information from users, which makes them more attractive to criminals.

In the data tracking and research on money laundering, Chainalysis also found the presence of North Korean hackers.

The agency cited a 2021 case in which the notorious Lazarus Group allegedly used several DeFi protocols to launder money after stealing more than $91 million worth of crypto assets from centralized exchanges.


Chainalysis noted that the hackers initially stole various ERC-20 tokens, which were then exchanged for ether using various DeFi protocols. The hackers then sent the ether (ETH) to a mixer, after which it was exchanged again using DeFi protocols, this time for Bitcoin (BTC), and the BTC was moved to several centralized exchanges to cash out. “This is just one example of how hackers are abusing DeFi protocols for money laundering.”

Judging from the overall data given by Chainalysis, illegal activity has become a less prominent part of the entire crypto asset ecosystem over the past three years, but DeFi seems to be experiencing the same growing pains as the early days of the crypto asset field, with illegal activity in the DeFi market increasing. The agency noted that these illegal activities exemplify the importance of security and compliance in the development of Web3: “industry operators associated with the technology need to work hard to eliminate this abuse, sometimes with public sector help, so that new users can feel at ease to adopt the technology and allow the industry to continue to grow.”

