A UNSC committee is investigating dozens of suspected cyberattacks on crypto firms over the past 6 years

In the hack of JumpCloud in July, it is believed 2 crypto heists worth over $147.5 million were carried out

North Korea-linked hackers are believed to have pulled off 17 crypto heists last year, worth over $750 million

The United Nations Security Council (UNSC) Sanctions Committee on North Korea is investigating suspected cyberattacks by North Korean hackers targeting “cryptocurrency-related companies” during a six-year period that led to losses of around $3 billion.

In a report published this month that was first picked up by South Korean outlet Yonhap, the panel said it identified some trends of cyber activity by North Korean threat actors, and some of these movements directly targeted the crypto industry.

“The Panel is investigating 58 suspected cyberattacks by the Democratic People’s Republic of Korea on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help to fund the country’s development of weapons of mass destruction,” the report noted.

Citing a compromise of software-as-a-service provider JumpCloud in July 2023, the committee said that Pyongyang “actors associated with cryptocurrency heists” likely breached the system through a “sophisticated spearphishing campaign.” The said hack is believed to have resulted in “at least two cryptocurrency heists” by North Korea with a combined value of more than $147.5 million.

Spear phishing is a targeted form of cyberattack that uses personalized emails or messages to trick a specific individual or organization into divulging sensitive information, downloading malware, or transferring money.

In 2023 there were 17 cryptocurrency heists that could have been perpetrated by North Korea, “valued at more than $750 million,” the panel noted.

Within the North Korea-backed hacking groups mentioned in the report was Kimsuky, which allegedly carried out crypto-related scams and thefts. The hackers allegedly conducted extortion campaigns to obfuscate their transactions and fund espionage operations.

Kimsuky is also accused of cryptojacking “hundreds, if not thousands” of victims in the past several years. It has also been observed to have been mining Monero (XMR) and “likely” received payouts in other digital assets such as Ether (ETH), the sanctions committee said.

Another North Korea-linked hacking entity, Andariel, allegedly breached the systems of financial institutions, stealing some $360,000 worth of Bitcoin in 2022.

Earlier this year, notorious cybercriminals Lazarus Group – believed to have ties with the North Korean government – moved Bitcoin worth around $1.2 million in two transactions following months of inactivity.

The hacking group has been a huge thorn in the crypto sector in recent years due to various system breaches and hacks law enforcement traced back to the group. The U.S. Treasury Department has linked the $600 million “Axie Infinity” Ronin bridge exploit to Lazarus Group, resulting in sanctions to crypto mixers Tornado Cash and Blender.io.