North Korean hackers keep the regime afloat
The hackers have a number of approaches to access cryptocurrency accounts, with North Korea’s state-sponsored units presently focusing on exploiting decentralised finance protocols

A report released in mid-August by the US-based blockchain analysis company Chainalysis suggests that hackers stole $1.9 billion in the first seven months of this year, up significantly from the $1.2 billion in cryptocurrencies such as Bitcoin, Ethereum, or Litecoin that was taken in the same period last year. And from the digital fingerprints left in the hackers’ wake, the company estimates that more than $1 billion of the total was stolen by “bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group.”
The hackers have a number of approaches to access cryptocurrency accounts, with North Korea’s state-sponsored units presently focusing on exploiting decentralised finance protocols, it said. Also known as DeFi, this is an emerging technology in the sector that permits users to privately exchange cryptocurrencies without the need to go through an intermediary or involving public blockchains.
The problem with DeFi protocols, analysts point out, is that they use open source code that can be studied for weaknesses and then exploited by cybercriminals. Hacks in a variety of guises take place on a daily basis, the experts agree, with criminals recently exploiting a vulnerability in General Bytes Bitcoin ATM servers to syphon off cryptocurrency during transactions and crypto start-up Nomad resorting to offering bounties for anyone who helps the company to trace $190 million in digital currency that was seized in a hacking attack in early August.
“Crypto hacks have been getting bigger year on year simply because the TVL [total value locked] in DeFi has been growing consistently,” a South Korea-based analyst for a digital asset investment firm told DW.
“North Korean hackers have been extremely successful since the early 2000s, preying on South Korean users with voice phishing attacks and on local banking services, which is why Korean banks are so over the top with security in comparison with Western banks,” said the analyst, who declined to be identified for security reasons.
South Korea’s concerns first began to be realised in a series of incidents two decades ago in which hackers were able to carry out denial-of-service attacks on the South’s infrastructure, from banks to power plants, hospitals and government ministries and agencies. Those attacks soon went further afield, with North Korea linked to the 2019 hacking attack on a nuclear power plant in India and the WannaCry ransomware attack that caused chaos in hospitals and other critical facilities around the world.
With sanctions on Pyongyang tightening as Kim Jong Un refused to bow to increasing international pressure over his nuclear and ICBM programs, the regime has been using its hackers to access other people’s money. Some $81 million was taken in a 2016 robbery that is commonly known as the Bangladesh Bank cyber heist, but the emergence and rapid growth in relatively unregulated cryptocurrency has been an opportunity for North Korea.
There are broadly two methods that hackers employ, according to Aditya Das, an analyst at cryptocurrency research firm Brave New Coin in Auckland, New Zealand.
“As well as taking advantage of DeFi vulnerabilities — which the North Koreans have become very good at — another frequent tactic is spear phishing, or using social media sites under an assumed name to contact people who are in the cryptocurrency sector, opening a conversation with them, building a friendship and then asking about the technology they are working on,” Das told DW.