According to the research, North Korean hackers stole about $400 million (£291 million) in digital assets in at least seven attacks on cryptocurrency platforms last year.
Cyber-criminals in the secretive East Asian state had one of their most successful years on record, according to blockchain analysis firm Chainalysis.
Investment firms and centralised exchanges were the primary targets of the attacks. North Korea has consistently denied involvement in hacking operations blamed on them.
According to the business, the hackers used phishing lures, code exploits, and malware to syphon funds from the organisations’ “hot” wallets and shift them to North Korean-controlled accounts.
Hot wallets for bitcoin are vulnerable to hacking since they are connected to the internet and the cryptocurrency network. They’re used to send and receive bitcoin, as well as to keep track of how many tokens a user has.
Many experts advise storing huge quantities of bitcoin that aren’t needed on a daily basis in “cold” wallets that aren’t connected to the internet.
According to Chainalysis, many of last year’s attacks were likely carried out by the so-called Lazarus Outfit, a hacking group that the US has sanctioned.
North Korea’s main intelligence agency, the Reconnaissance General Bureau, is thought to be in charge of the organisation.
The Lazarus Group has previously been accused of being involved in the “WannaCry” ransomware attacks, as well as hacking international banks and customer accounts and cyber-attacks on Sony Pictures in 2014.
Pyongyang is suspected of using stolen funds to support its nuclear and ballistic missile programmes in order to dodge international restrictions, according to a UN panel that monitors North Korean sanctions.
Separately, the US charged three North Korean computer programmers in February of last year with a huge cyber spree aimed at stealing more than $1.3 billion in cash and bitcoin.
According to the Department of Justice, the cyberattacks impacted businesses ranging from banks to Hollywood movie studios.