Blockchain Analysis Suggests North Korea Prefers Stolen Ethereum

As institutions adopted Ethereum over the last couple years, so too did North Korea. Previously known for stealing and hoarding BTC, North Korea appears to be diversifying into ETH.

Blockchain analysis firm Elliptic believes Lazarus Group, North Korea's state-sponsored hacking syndicate, is behind the $100M Horizon bridge exploit. This is the second time North Korea has bagged over $100M in ETH in 2022.

The Horizon hacker stole $100M in various assets then swapped them for ETH on a DEX. Elliptic is tracking this ETH. So far, $39M of ETH has been sent through crypto mixer Tornado Cash. Elliptic claims it can still track this mixed ETH, and that now the ETH is in new Ethereum wallets believed to be owned by the North Korean government.

The North Korean government employs prolific crypto hackers and is believed to have stolen almost $2B in crypto over the last five years. The US Treasury Dept. suggested that North Korea may also be behind the $600M hack of Axie Infinity's Ronin sidechain. Elliptic noted the Horizon bridge and Ronin sidechain exploits were similar, as were the money laundering techniques used post-hack.

It's impossible to know if North Korea’s government is truly behind these hacks. Companies love to blame North Korea when they get hacked. In the US, it's generally easier to avoid prosecution for your lazy security practices following a hack if you can demonstrate a state-level actor was responsible.