North Korea is suspected of intensifying cyber-attacks to steal virtual currency in order to obtain funds and avert tightening sanctions, according to security experts.
North Korea is suspected of intensifying cyber-attacks to steal virtual currency in order to obtain funds and avert tightening sanctions, according to security experts. North Korean hackers have mounted attacks on at least three South Korean cryptocurrency exchanges since May, security researcher FireEye said in a report Monday. The attacks include an apparently successful one when four wallets at Seoul-based exchange Yapizon were compromised. Local news reports said that in May Yapizon had more than 3,800 bitcoins worth USD 15 million stolen — although FireEye said there were no clear indications of North Korean involvement in that case. South Korea’s opposition Bareun Party lawmaker Ha Tae- Kyung, who has followed North Korean hacking attempts, said it had apparently stolen more than 90 billion won (USD 80 million) from South Korea through hacking attacks in the four years to June, including cyber-attacks on ATMs.
“North Korea has set its sights on the so-called next generation financial markets, including virtual currencies, pin-tech and blockchains,” he told journalists last week. “Alongside the UN-imposed sanctions, international cooperation is also required to curb the North’s cyber-hacking which can be used to finance its nuclear and missile programmes”, he said. South Korea has become one of the world’s busiest trading hubs for cryptocurrencies, with Seoul-based Bithumb ranking as the world’s largest exchange for the ethereum virtual currency. In June Bithumb was hit by cyber attacks, possibly linked to the North, in which information about 30,000 customers was leaked.
Some 160 customers are preparing a class action suit against Bithumb, claiming they lost around $10 million in total. North Korean actors used “spearphishing” attacks targeting the personal email accounts of employees at digital currency exchanges, FireEye said in its report published yesterday. They frequently use tax-themed lures and deployed malware and variants linked to the North Koreans who are suspected of being behind intrusions into global banks in 2016, FireEye said.
“It should be no surprise that cryptocurencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise”, it said.