North Korean hackers stole $882 million from cryptocurrency exchanges in 2 years

North Korean hackers indicted for cyber attacks and financial crimes

A U.N. Security Council report has highlighted how North Korean hackers have been carrying out and sponsoring a wave of cyber attacks in the recent past “to illegally force the transfer of funds from financial institutions and cryptocurrency exchanges” in an attempt to overturn the impact of financial sanctions imposed on the country’s autocratic regime.

The report noted that North Korea has dedicated military units that are tasked with carrying out cyber operations “to generate income for the regime”. Pursuant to their mission, the units have carried out a series of cyber operations in the past few years that included the theft of $81 million from Bangladesh Bank, the theft of $2.7 million from Interpark, an online shopping mall, the theft of $10 million from Banco de Chile in May last year, and the theft of $13.5 million from Cosmos Bank in India in August last year.

Between 2015 and 2018, North Korean hackers also carried out many more cyber heists and cyber intrusions targeting victims in the United States and in other countries in Europe, Asia, Africa, North America, and South America, inflicting losses in excess of $1 billion.

According to the Security Council report, a North Korean national named Park Jin Hyok, who is a member of the well-known Lazarus Group, engaged in a “wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of the government of the Democratic People’s Republic of Korea” and used a front company called “Chosun Expo” in China to hide his identity and the fact that he was working on behalf of North Korea’s Reconnaissance General Bureau.

North Korean hackers stole hundreds of millions from crypto exchanges

The report also noted that North Korea has been sponsoring and actively encouraging cyber attacks on a large number of cryptocurrency exchanges in order to gain foreign exchange to subvert the financial sanctions. The targeting of cryptocurrency exchanges makes sense for the regime as cryptocurrencies are harder to trace, can be laundered many times, and are independent of government regulation.

Back in 2017, independent cyber security researcher Ashley Shen told Sky News that hacker groups backed by North Korea such as Lazarus Group and Bluenoroff turned their attention from mining sensitive data to stealing digital currency, stating that mining digital currency was easier than physical currency and the surge in the value of Bitcoin had served as an additional incentive for the hackers.

For instance, a cyber attack on cryptocurrency marketplace NiceHash’s payment servers resulted in the loss of Bitcoin wallet value worth millions of dollars. According to CoinDesk, hackers stole as many as 4,736.42 Bitcoin from NiceHash customer wallets, which was equivalent to more than $62 million at existing prices.

Similarly, a hacker managed to steal $7.4 million in cryptocurrency by hacking into CoinDash, a trading platform, during an Initial Coin Offering. The hacker took control of CoinDash’s website as soon as the ICO opened and replaced the link where investors could send their funds with a new one. This way, he pocketed all the money that investors sent to CoinDash before the trader raised an alarm.

According to the recent Security Council report, at least five successful cyber attacks carried out by North Korean hackers between January 2017 and September 2018 resulted in the loss of $571 million in cryptocurrency. Including other smaller crypto-heists, hackers sponsored by North Korea inflicted losses of $882 million on cryptocurrency exchanges between January 2017 and September 2018.

These heists included the theft of 18,000 BTC worth $5 million from Bitstamp in January 2018, the theft of 523 million NEM worth $524 million by the Lazarus Group from Coincheck in the same month, the theft of 17 million NANO worth $170 million from Bitgrail in February 2018, and the theft of $32 million worth of cryptocurrency by the Lazarus Group from Bithumb in June 2018.

According to Dmitry Volkov, Chief Technology Officer at Group-IB who provided the numbers, while hackers had bankrupted a number of cryptocurrency exchanges such as Bitcurex, YouBit, and Bitgrail, they had turned their attention to other exchanges such as MoneyTaker, Cobalt, and Silence to earn more money in cryptocurrency.

North Korea must be brought to book for sponsoring cyber attacks

Based on how successful North Korean hackers have been in stealing funds in cryptocurrency by targeting exchanges, the Security Council panel recommended that “the Security Council, when drafting future financial sanctions measures, take account of cyber attacks carried out by the Democratic People’s Republic of Korea to circumvent the resolutions by illegally generating revenue for the Democratic People’s Republic of Korea.”

“Member States should enhance their ability to facilitate robust information exchange on the cyberattacks by the Democratic People’s Republic of Korea with other Governments and with their own financial institutions, to detect and prevent attempts by the Democratic People’s Republic of Korea to employ its cybercapabilities for sanctions evasion.

“Information about cyberattacks conducted by the Reconnaissance General Bureau as a means to evade financial sanctions and to gain foreign currency should be added to the Reconnaissance General Bureau’s entry on the 1718 sanctions list,” the panel added.



Copyright Lyonsdown Limited 2021
