Although the year is not yet over, hackers linked to North Korea have made off with over $200 million in cryptocurrency in 2023—accounting for over 20% of all stolen crypto in 2023, according to a report released on Friday by blockchain intelligence firm TRM Labs. The haul is part of more than $2 billion stolen by cybercriminals in the last five years.

Although it is shaping up to be another lucrative year for cybercriminals, TRM Labs said last year was the most successful year for hackers to date, with over $800 million in cryptocurrency stolen. This was achieved by targeting DeFi protocols in three major attacks that targeted cross-chain bridges, including $625 million stolen from the Ronin Bridge in March of that year.

“North Korean hackers use myriad techniques to launder stolen funds—from chain hopping to mixers—and then quickly cash out through accounts at exchanges that typically have lower KYC/AML controls in place,” a TRM Labs spokesperson told Decrypt in an email. “Following OFAC’s sanctioning of cryptocurrency mixing service Tornado Cash last year, TRM Labs has seen North Korea strongly favor Sinbad as the mixing service of choice.”

Hackers targeted Atomic Wallet users in June, stealing approximately $100 million in Bitcoin, Ethereum, Tron, XRP, Stellar, Dogecoin, and Litecoin. TRM Labs said the thieves sent the looted Ethereum to new addresses they controlled with stolen wrapped Ether (WETH), swapped for wrapped Bitcoin (WBTC), and exchanged for Bitcoin and sent to mixing services to obfuscate the coins.


Launched in 2018, the San Francisco-based TRM Labs team includes former members of INTERPOL, the Australian Federal Police, the UK’s National Crime Agency, IRS Criminal Investigation, FBI, and the US Secret Service.

In May, TRM Labs reported a drop in hacks in the first quarter of 2023. The firm attributed this to sanctions on the Tornado Cash Ethereum mixer last August. At the time, the US Treasury Department said the agency added the mixer to its Specially Designated Nationals list due to criminals using the service to launder money.

TRM Labs emphasizes the importance of robust cybersecurity, highlighting the benefits of hardware security modules for cryptographic key management, whitelisting addresses to limit funds transfer to trusted recipients and secure offline storage for keys and passphrases.

“One of the compelling arguments for the DeFi community is that we all have the ability to be our own bank,” the TRM Labs spokesperson said. “A challenge that comes with that freedom is that individuals shoulder much of the responsibility of safeguarding their assets.”


Other blockchain investigation companies include Peck Shield, Chainanylsis, Nansen, Eleptic, and CipherTrace.

On Friday, Peck Shield said it had “detected an ongoing attack” on the Exactly protocol, a credit market on the Optimism network. Web3 antivirus company De.Fi reported Exactly was hacked for 4323.6 ETH, around $7.2 million.

Stay on top of crypto news, get daily updates in your inbox.