North Korean hackers were responsible for numerous attacks on cryptocurrency exchanges that resulted in the theft of $6.99 million worth of tokens this year.
Citing South Korea’s National Intelligence Service (NIS), Reuters stated that, back in June, North Korean hackers were also to blame for leaking personal information from 36,000 accounts on Bithumb, which is the busiest cryptocurrency exchange in the world.
According to the NIS, the malware used to hack the cryptocurrency exchanges was similar to that of the Sony Pictures and Bank of Bangladesh hacks. Korea Internet & Security Agency (KISA) also stopped an attack using emails that had malware embedded in them, noted Reuters, citing South Korean newspaper Chosun Ilbo.
In September, Bloomberg Technology reported news that North Korean hackers hit cryptocurrency exchanges in South Korea and related sites, breached an English language bitcoin news website and funneled bitcoin ransom payments from WannaCry victims. The stolen cryptocurrencies could be used to help North Korea avoid trade restrictions, including recent sanctions approved by the United Nations Security Council. U.S. officials said the new measures would cut the country’s textile exports by 90 percent, restricting its ability to get hard currency.
“We definitely see sanctions being a big lever driving this sort of activity,” said FireEye’s Senior Cyber Threat Intelligence Analyst Luke McNamara, author of the new report. “They probably see it as a very low cost solution to bring in hard cash.”
FireEye has confirmed cyberattacks on at least three South Korean exchanges so far in 2017. In May, Seoul-based exchange Yapizon lost more than 3,800 bitcoins (worth about $15 million) due to theft, although there is no proven news of North Korean involvement.
South Korea may have become a target because it’s currently one of the busiest trading hubs for cryptocurrencies. The attacks were carried out through spear-phishing attacks or email files laced with malware.