Are North Korean Hackers Amping Up Crypto Attacks?


by Catherine

The recent crypto price rally is not the only thing going up; hackers from North Korea have also been stepping up their crypto cyber attacks, a rise nobody wants to see. To understand more about how these crypto raids help finance the development of North Korea's weapons and its illegal nuclear and ballistic missile activities, check out this article.

One of the largest crypto heists of its kind in history, according to the Federal Bureau of Investigation (FBI), is the Axie Infinity hack. Just last March, Ronin, the underlying blockchain that powers the game, was raided by the North Korean hacking syndicates Lazarus Group and APT38, which made off with about $620M. The FBI vowed to “continue to expose and combat [North Korea’s] use of illicit activities ─ including cyber crime and cryptocurrency theft ─ to generate revenue for the regime”. The absence of international crypto regulations and sanctions is not aiding the fight against these digital attackers.

The Financial Times pointed out that “it also highlights the opportunities afforded by the unregulated world of crypto to many other rogue regimes and criminal actors…with experts warning that the problem is likely to get worse over the decade as crypto exchanges are increasingly decentralised and more goods and services ─ legal and illicit ─ are made available for purchase with cryptocurrency.”

Allison Owen, a research analyst at RUSI’s Centre for Financial Crime and Security Studies, said that even though countries are moving in the right direction, North Korea will persist in finding creative ways to evade sanctions. It is evident that cyber attacks from North Korea are becoming more frequent as the years go by. The South Korean National Intelligence Service estimates that Pyongyang has stolen about USD$1.72B in crypto worldwide since 2017.

With regard to the threat that North Korea poses and more, Radio Free Asia (RFA) Korean recently spoke with the U.S. Ambassador at Large for Cyberspace and Digital Policy, Nathaniel C. Fick.

Nathaniel explained that, “Kim Jong Un has been explicit in talking about his desire to see an exponential increase in the size of his nuclear arsenal and that would require an increase in the ballistic missile forces including ICBMs. So I think we can anticipate an increase in malicious cyber activity in order to fund that military buildup. So our working assumption is that North Korea will remain a capable, destabilising, and dangerously irresponsible cyber actor globally this year.”

He expressed concerns about North Korea’s focus on decentralised financial exchanges, crypto ones in particular. According to Nathaniel, since they are “new financial instruments where regulation is still developing”, they are “comparatively easy to penetrate and disruptive.”

Their latest attack happened just a couple of days ago. The North Korean Lazarus Group, which was behind the Harmony exploit last June, attempted to launder another 17,278 Ethereum (ETH), valued at over $27M. This brings the total cashout attempt to close to $91M out of a total of $100M stolen. Fortunately, most of the funds were reportedly frozen by the security teams.

ZachXBT, a blockchain security researcher, posted evidence on Twitter of $17.7M being moved through the two mixing tools and onto exchanges. When he discovered another address moving $10M worth of ETH, he followed up on his tweet.

The interception by Zach and the security teams at the unnamed exchanges received praise from the crypto community for their vigilance. What will happen to the funds frozen by the crypto exchange security teams is still unclear ─ they might be returned to Harmony or turned over to the FBI so their security researchers can gain valuable insights and more information on the attackers.

And before this attack took place? Just in the middle of this month, the same group of North Korean hackers moved $63.5M (~41,000 ETH) from the Harmony bridge hack through Railgun before consolidating the funds and depositing them on three different exchanges.

The frequency at which the North Korean hackers strike seems to be gradually increasing, and that is worrying. The Financial Times also mentioned that one of the “worrying trends in the industry that are likely to play into the hands of the North Koreans…include the increasing prevalence of decentralised exchanges, which are harder for law enforcement agencies to target…”

The first month of 2023 is coming to a close, but it does not look like crypto attacks by the North Korean hackers will stop any time soon, if ever. How long will we be at the mercy of their digital claws? What are your thoughts?
