North Korean hackers turn to Russia to launder crypto

Blockchain analysts warn of growing cooperation between Russia-based crypto exchanges and North Korea-linked hacking groups.

Democratic People’s Republic of Korea hacker groups have been actively using Russia-based exchanges to launder crypto since 2021, as strict international monitoring of North Korea’s on-chain crimes limits the country’s possibilities of an enrichment capability.

According to Chainalysis, a blockchain forensics firm, North Korean hacker groups are now “increasing their use of Russia-based exchanges” to launder crypto stolen from centralized exchanges or decentralized finance protocols.

In a blog post on Sept. 14, the New York-based firm wrote that almost $22 million in crypto stolen from Harmony Protocol — a blockchain protocol exploited for roughly 100 million in crypto in Jun. 2022 — was recently transferred to a Russia-based exchange “known for processing illicit transactions.” Although Chainalysis did not name the exchange, it said it has evidence that “DPRK entities have been using Russian services” to launder crypto for two years.

“This latest action marks a significant escalation in the partnership between the cyber underworlds of these two nations.”

Chainalysis

As per data published by Chainalysis, the hackers have recently started sending illicit crypto to different deposit addresses at one Russia-based exchange.

The blockchain forensics firm believes Russia’s non-cooperation with international law enforcement agencies makes the possibility of recovering stolen crypto sent to Russian exchanges “particularly grim.”

In June 2023, Elliptic, a London-based blockchain analysis provider, said North Korea’s Lazarus Group, known for its cybercriminal activities, sent crypto stolen from Atomic Wallet to Garantex, an OFAC-sanctioned exchange. Garantex made no public statements on the matter since then.