South Korea has been very active in the cryptocurrency space, with its population among the most active in purchasing, trading and holding bitcoin and other virtual currencies. On the other hand, the South Korean government has been attempting to regulate cryptocurrency exchanges and monitor their users. It is now North Korea’s turn to appear in the news concerning digital currencies.
The North Korean government-related hacking group Lazarus has been accused of hacking exchanges and attacking their users in late 2017. The American cybersecurity company Recorded Future confirmed the allegations in a report. Recent news reported that North Korea was mining cryptocurrencies and using them to circumvent the international financial restrictions applied to the country. The mining activities were carried out illegally using malware and were linked to a server belonging to Kim Il Sung University, in Pyongyang. It is believed the mined cryptocurrency could be going to the regime. Digital currencies, such as Bitcoin or Monero, are hard to trace and secure, and therefore allow the government to inject funds into the economy however it pleases. Unfortunately, those funds are almost certainly not going towards the population. The report states that these newly reported occurrences of hacking are very similar, as the stolen currencies are also being used to avoid financial regulations.
The Recorded Future report stated that “North Korean government actors, specifically Lazarus Group, continued to target South Korean cryptocurrency exchanges and users in late 2017”. The hackers used multiple tools to obtain users’ information and extract wallet data and contents. The same malware that was used in the Sony Pictures Entertainment case in 2014 appears to have been used again by the hackers. The North Korean group also used phishing attacks to obtain passwords from users. In addition, they used a vulnerability found in the Hangul Word Processor, a word and document processor used in South Korea, to obtain access to users’ computers and extract private information. Individuals received emails containing a “contaminated” document that would plant a virus on their computer if opened. Once installed, this malware would obtain the information, and the hackers would later steal the cryptocurrency funds. Notorious cryptocurrency exchanges such as Bithumb and Youbit have reportedly been hacked by North Korean entities.
It will be interesting to see how South Korean authorities will deal with the constant waves of hacking attacks coming from North Korea. This will certainly add to existing issues for South Korean officials, who are already attempting to regulate exchanges and monitor the crypto markets. The battle now begins between hackers and regulators.
TLDR: Reports surfaced that the North Korean group Lazarus has hacked cryptocurrency exchanges to break into accounts and steal funds from their users. The tools used were mostly phishing attacks and malware. The North Korean regime is most likely behind those attacks.