South Korea Blames North Korean Hackers For Stealing Bitcoin

North Korean State-Sponsored Hackers Attacked Four Virtual Currency Exchanges in Seoul- Report Reveals.

North Korea is being held responsible for conducting cyber-attacks against South Korean virtual currency exchanges. According to a report from Yonhap news agency, police carried out a comprehensive investigation and concluded that North Korea is directly responsible for cyber attacks on dozens of email accounts belonging to employees of four main bitcoin exchanges in South Korea.

More: Hackers Steal Billions in S.Korean Won by Hacking 4th Largest Bitcoin Exchange

It is being alleged that North Korean hackers sent emails with malware to the employees between July and August 2017. These hackers pulled off such a feat by pretending to be security authorities while the emails were sent to a single IP address, which was found to be associated with previous hacking incidents against Seoul where North Korea was found to be involved. Moreover, according to the Police, North Korea sent test emails before launching the actual attack via infected emails because the location of origin of those test emails has been traced back to North Korea.

It is worth noting that North Korea has been sanctioned heavily by the UNO on the grounds of its nuclear and missile programmes. Therefore, one has every reason to speculate that the country is looking for ways to obtain funds through digital currency. However, so far there is no report about stealing of digital currency or compromising of computers in any of the reported hacking incidents from North Korea.

Hackers used spearphishing method to launch attacks, and it is apparent that cryptocurrencies have emerged as ‘an asset class’ and have become the target of interest of regimes that operate as a ‘criminal enterprise’ too, stated security firm FireEye’s analyst Luke McNamara in his report on the hacking incidents.

“These are essentially places where people can buy or sell cryptocurrencies … like bitcoin or Ethereum. It’s similar to how you might trade on the stock market, but specifically for cryptocurrencies,” wrote McNamara.

The reason for targeting South Korean is quite clear though; the country happens to be world’s busiest trading centers as far as digital or cryptocurrency is concerned. Bithumb is the world’s largest exchange for virtual currency Ethereum, which is located in Seoul.

“If you also look at the amount of daily trading volume in South Korea, it’s pretty significant and makes up a big portion of the global trading encrypted currencies. It makes logical sense that if you’re interested in stealing bitcoin, these exchanges are a big centralized target to focus on,” explained McNamara.

FireEye report also pointed out that the hacking group behind these attacks on cryptocurrency exchanges is state-sponsored and working with the Kim Jong-un regime. The regime has shifted its focus on virtual currency because such transactions are usually anonymized, and hence, through them, North Korea can easily control money laundering in traditional markets.

FireEye reported earlier in September that North Korean hackers attacked at least three cryptocurrency exchanges since May while investigation revealed that four exchanges had been targeted so far. What we can conclude is that North Korea has stepped up the efforts of expanding its stockpile of nuclear weapons as well as bitcoin and other cryptocurrencies.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.