North Korea-backed hackers stole $1.7bn (£1.4bn) of crypto in 2022, says blockchain analysis firm Chainalysis.
This nearly quadruples the country’s previous record for cryptocurrency theft – $429m in 2021.
The loot also made up 44% of the $3.8bn stolen in crypto hacks last year, which the firm called “the biggest year ever for crypto hacking”.
Experts have said the country, facing heavy sanctions, is turning to crypto theft to fund its nuclear arsenal.
North Korea has conducted six nuclear tests and analysts expect the seventh one this year, as the country accelerates its nuclear weapons programme under leader Kim Jong-un. Last year, Pyongyang launched a record number of ballistic and other missiles. This is despite the country’s struggling economy.
These hackers typically launder crypto through “mixers”, which blend cryptocurrencies from various users to obfuscate the origins of the funds, the firm said.
Other experts have also said that North Korea launders stolen crypto through brokers in China and non-fungible tokens (NFTs).
Last month, the FBI confirmed that North Korea-affiliated Lazarus Group was responsible for a $100m crypto heist on a blockchain network called Horizon bridge last year.
Overall, decentralised finance protocols, or DeFi, accounted for over 82% of cryptocurrency stolen in 2022, Chainalysis’ report said.
DeFi users know what will happen to their funds when they use them because the smart contract code governing these protocols is publicly accessible by default.
But this transparency also makes DeFi particularly attractive to hackers, who can scan the code for vulnerabilities and “strike at the perfect time” to maximise their loot, according to the report.
David Schwed, chief operating officer at blockchain security firm Halborn, noted that DeFi developers “prioritise growth over all else”, and funds that could be used to enhance security are often directed instead to rewards, in order to attract users.
DeFi developers can take a leaf from traditional financial institutions in making their platforms more secure, Mr Schwed said.
For instance, they can simulate different hacking scenarios to test their protocols, or design mechanisms to pause or halt transactions when suspicious activity is detected.
“You don’t need to move as slow as a bank, but you can borrow from what banks do,” he said.