North Korean Hackers Adopt Crypto Mining to Launder Stolen Coins
North Korean hackers have developed a new method to launder stolen cryptocurrency by using crypto mining services, according to a report by cybersecurity firm Mandiant. The report reveals that the North Korean state-sponsored hacking group, APT43, has been feeding stolen coins into crypto mining services to obscure their trail.
Cryptocurrency transactions are typically tracked on an immutable blockchain, making it challenging for criminals to cash out. However, APT43 has discovered a way to bypass this issue by paying stolen cryptocurrency into “hashing services.” These services allow users to rent time on computers used to mine cryptocurrency, enabling them to obtain newly mined coins with no ties to criminal activities.
Mandiant first noticed signs of APT43's mining-based laundering technique in August 2022. Since then, tens of thousands of dollars' worth of crypto have flowed into hashing services, such as NiceHash and Hashing24, from what Mandiant believes are APT43 crypto wallets. Similar amounts have flowed to APT43 wallets from mining “pools,” which allow miners to collectively mine cryptocurrency and share the profits.
While the laundered sums are significantly smaller than the massive crypto heists North Korean hackers have carried out in recent years, it raises concerns about the need for increased regulation and scrutiny of mining pools. The new laundering technique highlights the potential for illicit actors to exploit mining pools that do not have the tools to identify them.