North Korean hackers, fake pizza guys out to steal your tokens

Digital asset holders are being warned that their tokens are under constant threat from both rogue nation-states and thugs posing as Amazon deliverymen.

A new Reuters report details the efforts by a state-sponsored North Korean (DPRK) hacking group to break into the systems of JumpCloud, a Colorado-based IT management firm that helps network administrators manage devices and servers. The hack, which JumpCloud acknowledged in a blog post last week, was first noticed in late June following “anomalous activity on an internal orchestration system.”

JumpCloud claimed this unauthorized activity followed a spear-phishing campaign by “sophisticated and persistent adversaries with advanced capabilities.” JumpCloud alerted clients and law enforcement agencies that a “nation-state sponsored threat actor” had gained unauthorized access to its systems “to target a small and specific set of our customers.”

Reuters reported that JumpCloud’s incident response partner CrowdStrike Holdings had confirmed that the North Korean group known as ‘Labyrinth Chollima’ was behind the hack. Reuters further reported that the hackers “used their access to [JumpCloud’s] systems to target its cryptocurrency company clients in an effort to steal digital cash.”

Labyrinth Chollima is a sub-group of the notorious Lazarus Group, which has been blamed for attacks on Atomic Wallet, Axie Infinity’s Ronin Bridge, Harmony and countless others. The illicit proceeds of these attacks are usually funneled through ‘coin mixing’ services such as Tornado Cash, then sold for cash on exchanges to fund DPRK operations, including its nuclear weapons program.

While JumpCloud has said the threat posed by the hack has since been “mitigated,” it declined to offer specifics on whether impacted customers had suffered any loss of their digital assets or the volume of stolen tokens (if any).

Sentinel One senior threat researcher Tom Hegel issued his own post saying the attack followed “a similar pattern to other DPRK-linked campaigns we track.” Hegel warned that North Korean hackers are “continuously adapting and exploring novel methods to infiltrate targeted networks … The DPRK demonstrates a profound understanding of the benefits derived from meticulously selecting high-value targets as a pivot point to conduct supply chain attacks into fruitful networks.”

In February, the United Nations reported that North Korea was responsible for over US$600 million in stolen digital assets last year, a new record for the so-called Hermit Kingdom. Blockchain researchers Chainalysis put last year’s figure closer to US$1.7 billion, although the precise total remains anyone’s guess.

It’s more than a little ironic that all this crypto havoc likely got an assist from Virgil Griffith, the former Ethereum developer. In 2019, Griffith ignored U.S. State Department warnings and traveled to North Korea to give a presentation on how digital currencies could be used to evade Western economic sanctions. Griffith was arrested later that year, pleaded guilty in 2021 to conspiring to violate sanctions and in 2022 was sentenced to 63 months in prison.

Griffith may have been motivated by some anarchic belief that he was helping to bring down the USD-dominated economic system that ‘crypto bros’ believe needs to be demolished and replaced with whatever token project they’re promoting that week. Griffith’s crypto evangelism seems to have blinded him to the fatal hardships imposed on millions in the decades that the Kim family’s despotic dynasty has ruled North Korea.

Not so beautiful British Columbia

Meanwhile, on the other side of the Pacific Ocean, the Royal Canadian Mounted Police (RCMP) and municipal police in Canada’s west coast province of British Columbia are sounding the alarm following a series of brazen in-person digital asset thefts in the Greater Vancouver area.

On Wednesday, police issued a public warning about “several robberies whose victims are high-value cryptocurrency investors.” Police added that “the suspects appear to know the victims are heavily invested in cryptocurrency, know where they live, and are robbing them in their own homes.”

So far, only one arrest has been made, and police declined to say whether the robberies are linked to the same group. However, a “discernable pattern” has emerged in which the suspects “gain access to a victim’s home by posing as delivery people or persons of authority.” After gaining entry, the suspects use whatever means necessary to force the victims to hand over the private keys to their digital assets.

The precise number of victims wasn’t disclosed, but police suspect there are other victims who for whatever reason decided not to report their losses. There were also no details provided on the amount or type of tokens stolen, with police citing their ongoing investigations as justifying the lack of disclosure.

Another matter of some intrigue is how the perpetrators knew their victims were ‘high-value’ holders. Social media bragging? Loose lips at the country club? Or was some digital asset exchange database compromised by a group such as Lazarus, giving them the home addresses of big-bag holders? If this is a coordinated effort, why did they start with Vancouver? What cities might be next?

Digital asset recovery to the rescue!

Whether the victims of token theft are entities or individuals, the fact that such crimes are increasing in both frequency and scale is all the more reason for blockchain purists to drop their objections to the concept of digital asset recovery.

In a nutshell, digital asset recovery involves an individual or entity with verifiable proof of ownership of specific assets securing a court order (or its legal equivalent) that calls for the freezing of said assets on their respective blockchain(s). The assets are then reissued at the tip of the chain, with a full audit history so that everyone can understand their provenance. Rights are respected, criminals are thwarted and order is restored.

While anarchic types view digital asset recovery as heresy, the rest of the world has grown accustomed to the reassurance of enforceable property laws. Despite the ubiquity of ‘not your keys, not your coins’ memes, there’s zero reason that property laws shouldn’t apply to digital assets. Absent those laws, the digital asset sector will never achieve mainstream adoption, leaving it languishing in its cliquey ghetto forever.

While pioneered on the BSV blockchain—and based on the Alert Key function that was present in Bitcoin’s original design—digital asset recovery works on all blockchains. Its adoption would dramatically simplify the method by which victims of fraud or theft—or their own fumble-fingered mistakes—can be reunited with their rightful property. The knowledge that their ill-gotten gains could be frozen prior to liquidation might also deter criminals from engaging in future thefts.

Until that magical day arrives, if someone rings your doorbell, make sure you know what’s lurking on the other side before opening the door.
