TronWeekly

Crypto World News

You are here: Home / Archives for North Korea

North Korea

North Korea’s Cryptocurrency Heists: A Persistent Threat

by

In the world of cryptocurrencies, 2023 seems to bring some good news: crypto thefts by North Korean bad actors have plummeted by a staggering 80% compared to the previous year, down from a jaw-dropping $1.7 billion in 2022 to $340.4 million. However, it’s vital to interpret these statistics with caution.

Blockchain forensics firm Chainalysis released a report on September 14, cautioning against hasty optimism. They emphasized that the reduction in stolen funds shouldn’t be viewed as a sign of improved security or diminished criminal activity. Instead, it serves as a stark reminder of the exceptionally high benchmark set in 2022.

Source: Chainalysis

Chainalysis noted,

“In reality, we are only one large hack away from crossing the billion-dollar threshold of stolen funds for 2023.”

Recent events corroborate this concern. Over the past ten days, North Korea’s Lazarus Group orchestrated two separate hacks: one targeting Stake, resulting in a $40 million loss on September 4, and another targeting CoinEx, which led to a $55 million loss on September 12. These incidents alone accounted for over $95 million in losses.

Crypto Defenses: Guarding Against Social Engineering

Shockingly, North Korea-linked attacks have constituted around 30% of all cryptocurrency funds stolen through hacks this year, according to Chainalysis.

Erin Plante, Chainalysis’ Vice President of Investigations, expressed her concerns, emphasizing that Lazarus continues to be a prolific crypto thief, and the national security threat posed by North Korea only adds to the worry.

To bolster defenses against these relentless attacks, cryptocurrency companies need to educate their employees on countering social engineering tactics often deployed by hacker groups. These tactics exploit human nature’s trust and carelessness to infiltrate corporate networks.

Simultaneously, Chainalysis revealed another troubling trend. North Korean hackers have increasingly relied on Russian-based exchanges to launder illicit funds in recent years. This partnership has been in place since 2021 and has involved substantial sums of money, including $21.9 million from Harmony’s $100 million bridge hack in June 2022.

Furthermore, the Lazarus Group has utilized United States-sanctioned cryptocurrency mixers like Tornado Cash and Blender in high-profile hacks, including the Harmony Bridge hack. This added layer of obfuscation complicates efforts to trace and recover stolen funds.

Recognizing the grave implications of these cybercrimes, the United Nations is actively working to curtail North Korea’s illicit activities on the international stage, as there is strong evidence suggesting that the stolen cryptocurrency funds are being used to support the country’s nuclear missile program.

In conclusion, while the reduced amount of cryptocurrency stolen by North Korean hackers in 2023 may offer a brief respite, it should not lead to complacency. The crypto world remains susceptible to sophisticated attacks, and vigilance, education, and international cooperation are crucial to mitigating this persistent threat. Moreover, increased smart contract audits may provide a valuable additional layer of security in the ongoing battle against cybercriminals.

South Korea’s Crypto Crackdown: Pursuing Illicit North Korean Funds

by

South Korea’s government is intensifying its efforts with legislation designed to trace and freeze North Korean cryptocurrency and virtual assets funneled into Pyongyang’s illicit weapons program. The story, initially reported by a local media outlet, cites confidential government sources who reveal that this move aims to overhaul the nation’s cybersecurity framework.

Anonymous insiders also divulge that the administration plans to amend the original bill proposed by the National Intelligence Service [NIS] in November 2022. The revisions will include new provisions to actively “trace and neutralize” cryptocurrency and other virtual assets acquired by North Korea through hacking and other unlawful means.

In addition to this cybersecurity legislation, there are reports that the South Korean government is contemplating the creation of a national cybersecurity committee directly under the president’s purview. This committee would implement a range of measures to fortify the country’s defenses against cyberattacks originating from foreign entities. The leadership of this committee, as per the report, would be entrusted to the chief of the National Security Office and would include the director of the NIS.

A recent report from South Korea’s National Intelligence Service underscores the ongoing threat posed by cyberattacks in the cryptocurrency space. Over a period of six months, North Korean hackers managed to accumulate an illicit fortune of approximately $180 million, highlighting the gravity of the situation.

The illicit activities of North Korea’s cyber community, notably the infamous Lazarus Group, have become a worldwide concern. This group has been responsible for numerous high-profile cryptocurrency breaches, including the massive $600 million hack of Ronin, the blockchain supporting the popular play-to-earn game Axie Infinity, which occurred last year.

South Korea Launched An Interagency Investigation

In June, South Korea established an interagency investigation unit to combat crypto-related crimes in response to a surge in illegal activities in the market and the absence of legal protections for investors. The nation’s cryptocurrency market, once one of the world’s fastest-growing, experienced a 66% decline in market capitalization last year due to a series of global and domestic events that dampened investor sentiment.

Domestic factors included a crash of the so-called stablecoin TerraUSD and its counterpart Luna in May 2022, leading to public outrage over alleged fraud by Do Kown, the developer of the currencies. Kown, a global fugitive, was apprehended in Montenegro and faces fraud charges in the United States.

Reuters further revealed that suspected crime-related transactions across local cryptocurrency exchanges surged by a staggering 1,263%, increasing from 66 in 2021 to 900 in 2022.

Crypto Conundrum: North Korean Hackers Pocket $180 Million Illegally

by

Over the course of six months, North Korean hackers have amassed an illicit fortune of around $180 million, highlighting the ongoing peril of cyberattacks in the realm of cryptocurrencies. This was revealed in a recent report by South Korea’s National Intelligence Service.

The illegal exploits of the North Korean cyber community, particularly the notorious Lazarus Group have become a global menace as they were responsible for several high-profile crypto breaches. Recall, last year’s staggering $600 million hack on Ronin, the blockchain underlying the popular play-to-earn game Axie Infinity.

The most recent case was CoinsPaid, affiliated with the crypto payments processor Alphapo, which fell victim to a daring $37 million hack. On-chain sleuths unanimously point towards the Lazarus Group’s involvement, as the digital fingerprints of their malicious activities are of a particular type.

The North Korean group’s cyber offensive has steadily escalated, with a particular focus on targeting not only domestic but also international space and defense sectors. This strategic intensification mirrors North Korea’s larger ambitions, as it seeks to fortify its nuclear capabilities and even venture into space with satellite launches.

Despite international pressure and condemnations, the Hermit Kingdom remained steadfast in its determination to exploit virtual assets for illicit gains. Experts estimated that a whopping 30 percent of the country’s foreign currency earnings stem from hacking activities.

To combat the growing threat posed by North Korea’s cyber crusade involving cryptocurrencies and other forms of cyber threats, the United States and South Korea have joined forces. In a significant demonstration of cooperation, the two nations recently convened their fourth working group meeting.

U.S. Join Forces With S. Korea To Combat North Korean Hackers

Hosted in South Korea, the meeting witnessed the collaborative efforts of U.S. Deputy Special Representative for North Korea Jung Pak and her South Korean counterpart, Lee Jun-il. The primary goal of this partnership is to fortify cooperation with virtual asset service providers and stem the flow of ill-gotten funds into North Korea’s ominous weapons development initiatives.

As the global community grapples with the multifaceted challenges of cybercrime, the ongoing exploits of North Korean hackers stand as a stark reminder that the world of cryptocurrencies remains a fertile ground for both innovation and exploitation. The urgency to devise effective countermeasures to safeguard these digital assets has never been greater, lest we continue to witness the audacious pilfering of fortunes at the hands of shadowy adversaries.

North Korea’s Crypto Caper: $700 Million Sweep

by

In the past, there have been numerous instances of cryptocurrency theft linked to hackers operating from North Korea. The rising global acceptance of cryptocurrencies has rendered them an appealing target for cybercriminals. Their decentralized nature and the regulatory uncertainties surrounding them have exposed cryptocurrencies to vulnerabilities and made them susceptible to such attacks.

In the year 2022, the trend of cryptocurrency theft persisted, witnessing a surge from $3.3 billion in 2021 to $3.8 billion in reported thefts. North Korean hackers were involved in the theft of approximately $1.7 billion worth of cryptocurrencies, as stated in various reports.

Safeguarding Cryptocurrency: Security Measures Needed

Recent updates from Yonhap, South Korea’s state intelligence agency, revealed that a staggering $700 million worth of crypto was stolen by North Korea during a crypto heist in 2022. This substantial amount, if used differently, could afford North Korea the resources to acquire 30 intercontinental ballistic missiles, as highlighted by the intelligence agency.

A high-ranking official from the National Intelligence Service (NIS) affirmed that North Korea was responsible for seizing $700 million in virtual assets through two separate incidents in the previous year.

Over the past years, North Korea’s cyberattacks have intensified, with a specific focus on the space and defense sectors both within its borders and beyond. This escalation coincides with the country’s ambitions to bolster its nuclear capabilities and launch space satellites, as disclosed by an official source.

Despite facing international pressure, North Korea persists in intensifying its efforts to pilfer virtual assets and convert them into monetary gains. According to experts’ estimates, hacking activities contribute to approximately 30 percent of North Korea’s foreign currency earnings.

The series of thefts involving digital assets underscores the necessity for enhanced security measures in the digital financial realm. As the popularity and adoption of digital currency continues to grow, so does the allure for cybercriminals seeking to exploit the vulnerabilities present in the decentralized system. Regulatory bodies and industry stakeholders must collaborate to develop robust protective measures to safeguard against such threats and maintain the integrity of the digital assets landscape.

Stolen Crypto Transfers Through Forbidden Russian Based Exchange

by

Cryptocurrency on move; the $35 million Atomic Wallet hack’s illicit proceeds are once again in circulation, with sanctioned Russian-based exchange Garantex being the most recent recipient.

Elliptic, a blockchain security and compliance company, provided an update on the situation involving the monies stolen from Atomic Wallet on June 13. It claims that the sanctioned Russian-based cryptocurrency exchange Garantex was used to launder the stolen funds by the North Korean cyber group, the Lazarus Group, which is thought to be responsible for the attack.

Elliptic and other exchange partners made a major and effective cross-community effort to freeze the stolen cryptocurrency, the company claimed in a tweet. Lazarus, however, has recently discovered alternative ways to exchange their valuables for Bitcoin.

Garantex and the Russian Hydra dark web market were both sanctioned by the US Office of Foreign Assets Control (OFAC) in April 2022.

The Treasury Department observed that Garantex was established in late 2019 and had its initial registration in Estonia before relocating the majority of its operations to Moscow.

It furtehr stated,

“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets.”

Lazarus Group’s Crypto Attacks, A Cause Of Concern

It was revealed earlier this month that the Lazarus Group routinely uses the Sinbad.io mixer, via which the illicit proceeds were being transferred.

Elliptic noted that the Sinbad.io mixer is still being used to obscure the cash that the hackers withdrew from Garantex.

In May 2022, the Treasury Department also imposed sanctions on Blender.io (the previous version of Sinbad.io), saying that North Korea was using the service to promote its illegal cyber activities and the money-laundering of stolen virtual currency.

A number of Atomic Wallet user accounts were compromised on June 3 and up to $35 million worth of digital assets were lost as a result.

Five days later, Atomic announced that it has hired Chainalysis, a blockchain security and analysis firm, to conduct the primary incident investigation. Chainalysis declined to comment on the Atomic Wallet case when Cointelegraph contacted them for an update on the investigation.

The Harmony Bridge hack and the Ronin Bridge hack, as well as other significant crypto exploits, have been attributed to the renowned North Korean hacking group in recent months.

Laundering Of Ethereum Worth $4M By N.Korean Lazarus Group

by

Funds being skimmed in Ethereum seem to be the trend of late. The notorious North Korean hackers known as Lazarus Group have reportedly been busy laundering cryptocurrency over the past two days, according to a recent tweet from blockchain tracker PeckShieldAlert. This is a portion of the Ethereum (ETH) that was taken in June of last year when Harmony’s Horizon cross-chain bridge was exploited.

An FBI report recently disclosed the specifics of this. A formal update to the announcement made by the Federal Bureau of Investigation in the final week of January concerning Lazarus (also known as APT38), a team of North Korean hackers who exploited the Horizon Bridge and stole about $100 million in Ethereum, in June, has been made.

Hackers have been utilizing the peel chain layering technique during the past two days. Peel chain enables the slow transfer of large amounts of cryptocurrency from one wallet to new addresses via short transactions. These new addresses are frequently created on cryptocurrency exchanges. However, since these transactions raise concerns and call for urgent reporting to authorities, AML departments on exchanges can easily identify this process.

Ethereum Worth $18M On The Move

On January 29, on-chain investigator ZachXBT announced that it had seen a substantially larger amount of the Harmony ETH being moved.

11,304 ETH were then valued at around $17.7 million. The money was distributed in modest amounts to at least six cryptocurrency trading platforms. ZachXBT quickly contacted them in the hopes that they would immediately freeze those funds that were obtained unlawfully. There was a good likelihood that the crypto would be returned to Harmony because the amount that was being split and moved was too huge to go unnoticed by the exchanges’ IT specialists.

According to a new UN report released by Reuters, North Korean government hackers had a record-breaking year in 2016. They purportedly contribute to the government’s nuclear weapons development programme.

Various sources cited by Reuters claim that DPRK hackers were successful in stealing cryptocurrency valued anywhere between $630 million and over $1 billion USD.

Because these hackers are employing more sophisticated hacking techniques than in the past, it is becoming difficult to track down the cryptocurrency they have stolen.

North Korea Breaks All Records For Crypto Thefts Of 2022

by

The 2022 bear was already incredibly brutal. However, scams and hacks made matters worse for the bitcoin market. North Korea was busy stealing money from other people’s wallets while the majority of the world was occupied with tracking down CEOs of insolvent companies who were on the run.

The entire world assumed that North Korea had been organizing numerous hacks over the last few years. There have been several prominent hacks associated with the nation. North Korea will steal the most bitcoins in 2022, according to a recent United Nations assessment that Reuters has obtained.

The report further stated,

“[North Korea] used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes.”

Hackers with ties to North Korea were found to have targeted the networks of major aerospace and defence companies last year. The nation was successful in stealing digital currency assets worth between $630 million and $1 billion.

The 15-member North Korea sanctions committee also received the report from the sanctions monitors.

Unleashing North Korea’s Tricks Over Crypto Theft

Hackers have been found predominantly targeting bridges during the past year. The worst-hit networks included Harmony’s Horizon Bridge and Ronin Bridge. Bridges seem to have become an easy target for these hackers. There were also other parallels between these hacks. This includes emphasizing Asian-based companies. The difficulty of communication may have caused this pattern.

The fact that these N.Korean hackers work 16-hour shifts starting at six in the morning was also exposed. The hackers are reportedly sent to countries like Russia and China for specialised training in cyberwarfare. Furthermore, even with the cooperation of the FBI and other national security organisations, it would be exceedingly challenging to prosecute these hackers. It is definitely impossible to obtain stolen money in your possession.

Even more recently, a Chainalysis investigation claimed that $3.5 billion had been stolen in bitcoin thefts. Given the enormous costs involved in carrying out these hacks, North Korea is to blame for $1.7 billion of the total.

Cryptocurrency Hack Alert: N.Korean Lazarus Group Back With New Dance, Old Tune

by

According to Microsoft, a threat actor has been found to be concentrating on bitcoin investment start-ups. In order to remotely access systems, a group Microsoft has identified as DEV-0139 pretended to be a cryptocurrency investment firm on Telegram and used an Excel file weaponized with “well-crafted” malware.

The danger fits into a pattern of recent highly sophisticated strikes. According to a blog post by Microsoft on December 6, the threat actor in this instance joined Telegram channels “used to enable contact between VIP clients and cryptocurrency exchange platforms” while falsely posing as OKX staff. Microsoft further elucidated,

“We are […] seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”

The target was requested to join a new group and then provided with an Excel document that contrasted the VIP fee structures for OKX, Binance, and Huobi. A malicious.dll (Dynamic Link Library) software was secretly sideloaded into the user’s machine along with accurate information and a high level of awareness about the reality of cryptocurrency trading. During the discussion of fees, the target was then instructed to open the.dll file by themselves.

Long Known Attack Technique For Cryptocurrency Funds

The attack method itself is well known. Microsoft asserted that the threat actor was the same as the one discovered using.dll files for related objectives in June and was likely responsible for other cases. Using the AppleJeus malware version and an MSI, DEV-0139 is the same actor that cybersecurity firm Volexity connected to North Korea’s state-sponsored Lazarus Group, according to Microsoft (Microsoft installer). Kaspersky Labs reported on AppleJeus in 2020, and the government cybersecurity and infrastructure security agency of the United States documented it in 2021.

Lazarus Group has been formally linked to North Korea’s nuclear weapons program by the U.S. Treasury Department.

The Office of Foreign Asset Control, or OFAC, of the United States Treasury Department has revised the sanctions on cryptocurrency mixer Tornado Cash and added two people to its list of specially designated persons who are engaged in “transportation and procurement activities” for North Korea.

The Department of the Treasury declared on Nov. 8 that it had “delisted and simultaneously renamed” Tornado Cash in addition to using the actions of North Korean citizens Ri Sok and Yan Zhiyong as the foundation for penalties. The government department reaffirmed its allegations that the crypto mixer was involved in the laundering of $455 million in cryptocurrency that had been stolen by the Lazarus Group, which has ties to North Korea.

North Korea’s Revenue Likely to Fall Post-FTX Collapse

by

The consequences of the disastrous collapse of FTX for North Korea were mentioned by Troy Stangarone, senior director at the Korea Economic Institute of America (KEI). Stangarone noted in one of his blogs for The Diplomat that the demise of FTX made it harder for North Korea to take advantage of the flaws that still existed in the cryptocurrency ecosystem.

Stangarone claimed that because of its “zero-covid policy,” North Korea’s economy was heavily reliant on the proceeds from cryptocurrency hacks.

He also referred to a Chainalysis report that claimed that North Korea stole about $300 million in 2020 and $400 million in 2021. Additionally, it was calculated that N. Korea had taken cryptocurrency worth about $1 billion.

Cryptocurrency lacks proper regulation, says North Korea’s Troy Stangarone

Stangarone emphasized the fact that, despite the fact that cryptocurrencies are not brand-new, a lack of appropriate regulations makes them an attractive target for hackers. Additionally, the ability to hide the source of money by using mixers has attracted hackers to cryptocurrencies.

Stangarone claims that DeFi has specifically helped N. Korea to hack and launder money. According to him, DeFi platforms make it simpler to convert money into cash without the need for any know-your-customer protocols.

According to information from Stangarone, North Korea uses money that has been stolen and laundered to finance its illegal activities. The U.N. Panel of Experts states that stolen cryptocurrency proceeds “remain an important revenue source” for North Korea.

On the other hand, the collapse of FTX has prompted and alerted international regulators. It will be challenging for North Korea to carry out the hacks if more stringent controls are put in place.

Even if crypto companies do not improve their internal systems, the failure of FTX has increased regulatory scrutiny, says Stangarone. New regulations will necessitate stronger internal controls than were seen at FTX and are probably present at the majority of crypto firms, regardless of whether they are developed specifically for the crypto industry or existing regulations are expanded upon.

Additionally, bringing cryptocurrency closer to the traditional financial system and its regulatory framework, would close some of the gaps that North Korea has used to launder money.

Lazarus group alert: Japanese Police issue warning

by

The crypto-verse has had a number of hacks and attacks throughout the years. The Lazarus Group, located in North Korea, was recently found to be behind some of the most destructive attacks on the industry. The Lazarus Group has been engaged in cryptocurrency-related phishing breaches for a number of years, according to recent information from the Japanese government.

The Financial Services Agency (FSA) and Japan’s National Police Agency (NPA) have warned crypto platforms to be on the lookout for phishing scams. These organizations think that the primary reason the hacker gang has been taking cryptocurrency is that it is “handled more loosely.”

The statement went on to describe these phishing attacks in more detail. It read,

“This cyber attack group sends phishing emails to employees impersonating executives of the target company […] through social networking sites with false accounts, pretending to conduct business transactions […] The cyber-attack group [then] uses the malware as a foothold to gain access to the victim’s network.”

Therefore, businesses all around the country were urged not to click email attachments or even URLs carelessly. Downloading files from unverified sources was advised to be avoided, especially with reference to encryption.

The NPA also recommended “installing security software,” “using multi-factor authentication,” and avoiding using the same password across numerous platforms or services for owners of digital assets.

The community then began to wonder if the Lazarus Group would continue to get money from Japan.

The Lazarus group saga to continue?

The North Korean government’s support for the Lazarus Group is known to everyone worldwide. The community has seen numerous cryptocurrency platforms fail over the years. The Lazarus Group has established its control over these bridges, first with the Ronin Bridge breach and most recently with the Harmony’s Horizon Bridge hack.

Despite the Japanese government’s attempts, the Lazarus organization has persisted in destabilizing crypto companies there. It was revealed that crypto businesses have received many warning letters from the NPA and FSA. The most recent warning is said to be the fifth.

Therefore, it was unlikely that the Lazarus Group would see a decline in support from Japan.