North Korea is actively targeting cryptocurrency exchanges in South Korea, in a bid to steal digital currency and undermine their enemy’s cryptocurrency infrastructure, according to a report published this week.
The rogue state, which is economically crippled by the weight of heavy international sanctions, is thought to be using its attacks on cryptocurrency exchanges to circumvent these embargoes.
Individuals or organisations with ties to North Korea were found to have been behind a slew of recent attacks on exchanges in neighbouring South Korea, according to the report published by cybersecurity company FireEye.
According to Luke McNamara, a senior intelligence analyst at the firm, malicious North Korean actors have been targeting cryptocurrency exchanges for a number of months, following on from earlier attacks on global banks in 2016.
“Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds…The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware … linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”
The announcement comes at a time when North Korea is facing an increasingly hostile global community, following on from a spate of illegal nuclear tests that have brought even its few longstanding allies to express criticism.
This week, new sanctions have been introduced by approval of the UN Security Council, in recognition of the increasingly aggressive global stance of the North Korean state.
While McNamara stopped short of naming the three exchanges he said had been targeted by North Korean actors, Yapizon saw a large-scale breach in April of this year, leading to fears that a number of wallets may have been compromised.
While this cannot be confirmed as part of the North Korean attempts to pilfer currency, some analysts have suggested it is ‘more likely than not’ to have been a factor.
McNamara pointed out that the inherent structure of cryptocurrencies, and the lack of meaningful regulatory oversight at present, made exchanges an attractive target for a rogue nation looking to circumvent sanctions.
“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi.”
“As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency.”