North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.
Last Tuesday, South Korean exchange Youbit suffered their second hacking for the year, losing 17% of its total assets and ultimately declaring bankruptcy.
Being only one of several exchange heists recently, cybersecurity firm CrowdStrike’s CEO George Kurtz told CNBC that this recent robbery of Youbit, along with that of Bithumb in July were all perpetrated by North Korean hackers.
In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.
“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.
Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.
According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.
In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity observed from North Korea which they began observing in 2016. McNamara says that North Korea’s monopoly of criminality in the cryptocurrency space, however, may probably be short-lived, and they might soon have to compete with even more groups with similar intentions.
“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.