This is how North Korean crypto hackers fund their regime

  • Apart from exploiting vulnerabilities in DeFi and other crypto protocols, North Korean hackers also rely on spearphishing.
  • These hackers target unsuspecting individuals by sending them malware hidden in different kinds of files.

North Korea has been one of the most active nations behind several of the cryptocurrency hacks taking place over the last year. In mid-August, US-based blockchain analysis company Chainalysis suggested that hackers stole more than $1.9 billion (€1.9 billion) during the first seven months of 2022.

Of the total lost in crypto hacks, the “bad actors affiliated with North Korea, especially elite hacking units like Lazarus Group” stole over $1 billion. North Korea’s hackers have been targeting crypto investors in a number of ways.

Recently, they have been particularly focused on decentralized finance (DeFi) protocols. This is because a large number of DeFi protocols use open source code, which cybercriminals can study for weaknesses and later exploit. Speaking to the DW publication, a South Korea-based analyst for a digital asset investment firm said:

Crypto hacks have been getting bigger year on year simply because the TVL [total value locked] in DeFi has been growing consistently.

Targeting South Korean users

South Korean investors have been one of the biggest participants in the crypto space over the last decade. Thus, targeting them becomes an easy task for the notorious North Korean hackers.

For more than a decade, North Korean hackers have been conducting denial-of-service (DoS) attacks on South Korea’s infrastructure. The South Korean analyst, who asked not to be identified, said:

North Korean hackers have been extremely successful since the early 2000s, preying on South Korean users with voice phishing attacks and on local banking services, which is why Korean banks are so over the top with security in comparison with Western banks.

Aditya Das, an analyst at cryptocurrency research firm Brave New Coin, said that the hackers basically employ two methods for stealing cryptocurrencies. Speaking to the DW publication, Das said:

As well as taking advantage of DeFi vulnerabilities — which the North Koreans have become very good at — another frequent tactic is spearphishing, or using social media sites under an assumed name to contact people who are in the cryptocurrency sector, opening a conversation with them, building a friendship and then asking about the technology they are working on.

Das adds that in several cases they make an offer of a well-paid job while gathering evidence about the technology the person is working on. As soon as they obtain any inside information, they send a file with malware attached in order to access the target’s system. Unsuspecting individuals usually fall prey to such tactics, adds Das. “Part of the problem is that the crypto space is not regulated or registered as these companies favor revenue over security,” he added.

The U.S. sanctions on the go

The United States has been taking every possible measure to stop these hackers from North Korea. As per reports, the North Korean hackers were using crypto mixers like Tornado Cash to mask their identities. Last month, the U.S. Treasury Department announced a complete ban on Tornado Cash.

Earlier, in May this year, the U.S. Treasury Department also sanctioned the crypto mixer Blender.io for supporting the “malicious cyber activities and money-laundering of stolen virtual currency” by North Korea. In both cases – Tornado Cash and Blender.io – the agency identified North Korea’s Lazarus Group as being active behind the activity. It noted that the Lazarus Group channels funds to the North Korean government “for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”