Introduction to Cryptocurrency Laundering
In the world of cryptocurrency, every coin has a history that is recorded on the blockchain, a public ledger that keeps track of all transactions. However, North Korean hackers have found a way to launder stolen coins using a new trick. They pay the stolen coins into services that allow them to mine new, clean coins.
North Korean Hacker Group APT43
The cybersecurity firm Mandiant has been tracking a North Korean state-sponsored hacking group known as APT43. Since at least 2018, this group has focused primarily on espionage, hacking into think tanks, academics, and private industry in the US, Europe, South Korea, and Japan. It uses phishing campaigns to harvest credentials from victims and plant malware on their machines. Like many North Korean hacker groups, APT43 also steals cryptocurrency to support the North Korean regime or fund its own operations.
The Problem of Cryptocurrency Laundering
As regulators have tightened their grip on exchanges and laundering services, APT43 has had to find new ways to cash out the funds it steals. The problem is that cryptocurrency is relatively easy to steal, but it is hard to cash out without leaving a forensic trail of evidence on the blockchain. This makes it difficult for thieves to cash out without being caught.
A New Method of Laundering
To solve this problem, APT43 has begun using a new method to launder its stolen coins. The group pays the stolen cryptocurrency into "hashing services" that allow anyone to rent time on computers used to mine cryptocurrency. This lets the group collect newly mined coins that have no apparent ties to criminal activity. According to Joe Dobson, a Mandiant threat intelligence analyst, "It breaks the chain. This is sort of like a bank robber stealing silver from a bank vault and then going to a gold miner and paying the miner in stolen silver. Everyone’s on the lookout for the silver while the bank robber’s walking around with fresh, newly mined gold."
How the Laundering Process Works
Mandiant first saw signs of APT43’s mining-based laundering technique in August 2022. It has since seen tens of thousands of dollars' worth of crypto flow into hashing services from what it believes are APT43 crypto wallets. It has also seen similar amounts flow to APT43 wallets from mining "pools," services that allow miners to contribute their hashing resources to a group that pays out a share of any cryptocurrency the group collectively mines.
The Risks of Operational Sloppiness
In some cases, Mandiant found that the funds were nonetheless commingled with crypto in wallets it had previously identified from its years-long tracking of APT43 hacking campaigns. This suggests that APT43 might not be as careful as it thinks it is, and that its laundering efforts might not be as effective as it hopes.
Conclusion
In conclusion, North Korean hackers have found a new way to launder stolen cryptocurrency by using hashing services to mine new coins. This method allows them to break the chain of evidence on the blockchain and cash out their stolen funds without being caught. However, Mandiant’s discovery of APT43’s laundering technique suggests that the group might not be as careful as it thinks it is, and that its efforts may ultimately be unsuccessful. As the world of cryptocurrency continues to evolve, it’s likely that we’ll see more sophisticated methods of laundering and more efforts to trace and stop them.