Simon Choi of IssueMakersLabs, a so-called “cyber warfare research group”, recently told the SCMP that while Bitcoin hackers from North Korea used to target exchanges and their employees, there has been a shift towards ‘common Joes’ in the cryptocurrency economy.
North Korea Still In Love With Bitcoin, Crypto
Due to the decentralized, borderless, and censorship-resistant nature of Bitcoin and related technologies, North Korea, the world’s most well-known hermit state, has taken a liking to this decade-old innovation. But some would argue that North Korea has taken its crypto penchant a bit too far, with a multitude of reports indicating that the nation is leveraging cryptocurrencies for dubious financial gain.
As reported by Ethereum World News in mid-October, Lazarus, a supposed North Korea-based hacker consortium, was found to be responsible for five cryptocurrency exchange hacks, including the now-infamous $500 million breach of CoinCheck. A report from cybersecurity firm Group-IB, which first divulged this information, indicated that Lazarus’ constituents used social engineering, phishing, and malware to break into pertinent databases and access points.
Now, per the South China Morning Post, Lazarus has set its targets on retail crypto consumers, like you or me, who often aren’t the target of such bigwig hacker collectives.
Backing this claim, Kwon Seok-chul, CEO of South Korea-based cybersecurity organization Cuvepia, noted that his firm has detected at least 30 instances of North Korean hackers attacking cryptocurrency holders since April 2018.
Kwon, accentuating that the victims were just “simple wallet users”, went on to note that Cuvepia’s systems likely just detected the tip of the iceberg, adding that the “true number may be well over 100.” Explaining the reasoning behind the shift from lucrative exchange hacks, a seeming Robinhood-inspired form of attack, to individual wallet breaches, Choi noted that exchanges have begun to bolster their security efforts.
Binance, for example, recently moved a majority of the Ethereum-based tokens it has custody over, more than $1.2 billion worth, to a new, arguably more secure wallet, as reported by Ethereum World News previously. The cybersecurity researcher explained:
The exchanges have become used to the attacks and boosted their security somewhat. Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.
Interestingly, Choi went on to add that the North Korean hackers are likely targeting South Korean CEOs, many of whom may have billions of won in digital assets, such as Bitcoin.
Although the aforementioned statements make it sound like Lazarus has given up on attacking exchanges entirely, Luke McNamara of FireEye recently claimed that Lazarus’ inaugural claims to fame could have aided in its efforts to target individual cryptocurrency users. He noted:
It’s possible from previous intrusions they’ve been able to collect information related to the email addresses, usernames of the people using these exchanges.
Regardless of the details, the SCMP’s most recent report on the matter underlines the state’s reported goal of bypassing sanctions through the trading, garnering, and use of cryptocurrencies.
And in spite of purported hackers, other reports indicate that North Korea is still hell-bent on launching its second international crypto- and blockchain-centric conference.