A cybersecurity firm has revealed details of a campaign by state-sponsored North Korean hackers to steal bitcoin from South Korean cryptocurrency exchanges. According to a new report by cybersecurity firm FireEye, hackers backed by Kim Jong Un’s regime in North Korea are specifically targeting South…
A cybersecurity firm has revealed details of a campaign by state-sponsored North Korean hackers to steal bitcoin from South Korean cryptocurrency exchanges.
According to a new report by cybersecurity firm FireEye, hackers backed by Kim Jong Un’s regime in North Korea are specifically targeting South Korean cryptocurrency exchanges to steal bitcoin and other digital currencies.
An excerpt from the report points to a campaign funded by the state or the ‘personal coffers of Pyongyang’s elite’ that sees:
[S]tate-sponsored actors seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime.
As CCN reported in April this year, a South Korean cybersecurity firm accused hackers from North Korea of stealing bitcoin worth 1000 million won (approx. $90,000) every month from 2013-2015 to increase their reserves of hard (safe haven) currency.
Since the following month in May, FireEye researchers revealed they observed North Korean hackers target at least three South Korean cryptocurrency exchanges to steal funds. They did so with spear-phishing campaigns, researchers added, that targeted personal email accounts of employees at digital currency exchanges. The malware found in the emails were similar to variants linked to North Korean hackers suspected to the perpetrators of cyber-heists from global banks last year.
Researchers point to multiple attacks, including one incident in April where South Korean bitcoin exchange Yapizon lost over $5 million in user funds and bitcoin due to a wallet compromise. Four days later, FireEye researchers’ timeline shows the United States and the wider international community working toward increased economic sanctions.
Between May and July, researchers highlight four more attacks, one of which saw Bithumb – South Korea’s largest bitcoin and Ethereum exchange – suffer a comprehensive breach of personal data belonging to an estimated 31,000 users. News reports also revealed that “hundreds of millions” of Korean won had been stolen from Bithumb.
It’s entirely possible that North Korea is turning to bitcoin by stealing them from exchanges to then launder it into hard cash amid increasing scrutiny and sanctions from the international community.
“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi,” the report added. “As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”
South Korea is currently in the process of drafting regulations for bitcoin exchanges in the country.
Featured image from Shutterstock.
Last modified: January 24, 2020 11:33 PM UTC