North Korean Hackers Pivoting to Russian Exchanges as a Means to Launder Stolen Cryptocurrency, Study Finds

The Growing Threat of North Korean Hackers

In a recent report from on-chain analytics provider Chainalysis, it was revealed that the total amount of cryptocurrency stolen is estimated at $3.54 billion. The report also highlighted that North Korea continues to be a major player in the world of cybercrime, with the country’s hacking groups increasing their use of Russia-based exchanges to launder illicit crypto assets.

NK Stolen Crypto Decreases in 2023

The revelations come at a time when Vladimir Putin and Kim Jong-Un held military talks, raising concerns about the DPRK’s evolving cybercrime tactics and their use of sophisticated attacks to fund their missile program.

Recent data shows that $21.9 million in cryptocurrency stolen from the Harmony Protocol hack was transferred to a Russian exchange known for its involvement in money laundering.

“This latest action marks a significant escalation in the partnership between the cyber underworlds of these two nations.”

Chainalysis also noted that the prospect of recovering stolen funds from uncooperative Russian exchanges is “particularly grim.” Furthermore, the value of stolen crypto associated with North Korean hacking groups has surpassed $340 million this year.

While this is a significant amount, it is much lower compared to last year’s total of over $1.65 billion in stolen funds. Notably, 2022 was a prolific year for DPRK hackers, with large-scale attacks like the $600 million Axie Infinity theft.

Despite the decrease in stolen funds, North Korea-linked groups still account for almost 30% of all crypto stolen in hacks this year. Chainalysis warns that the lower figures do not necessarily indicate improved security or reduced criminal activity.

“We’re only one large hack away from crossing the $1B threshold in 2023.”

DeFi Hacks on the Rise

The month of September has already witnessed several significant hacks, exploits, or scams in the decentralized finance (DeFi) sector. While these incidents are not directly attributed to North Korean hacking collectives, they add to the growing concerns about cybersecurity in the crypto industry.

The De.Fi Rekt database reports seven notable incidents so far this month, including the $52 million CoinEx exchange exploit on September 12. Other protocols that have lost funds this month include Stake Wallet, FloorDAO, and Coindroplet.

A recent report from CryptoPotato revealed the involvement of the Lazarus Group in breaches at Atomic Wallet, Alphapo, CoinsPaid,, and CoinEx.


Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.

❗Follow us on Twitter to get all the latest crypto news as soon as they're out! 🚀

J-S Tremblay
About the author - J-S Tremblay

I've been involved in the cryptocurrency world since 2016 and trading since 2019. I started Moon and Lambo in 2021. I'm passionate about crypto and love to share my knowledge. I hate bankers and I hope that cryptocurrency will change the financial world for the better. View full profile...

View J-S Tremblay website

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top