Cybercrime is a momentous problem for all entities that are present on the internet, there is no denying it, but when you consider cryptocurrency, the crime seems to be taking place at an unparalleled scale. According to information provided by two separate cyber security firms namely Group-IB and Recorded Future, a total of almost $882 million was stolen through initial coin offerings (ICOs) and cryptocurrency funds over the period of the last two years since 2016. Recent evidence however pointed out that nearly three-fourths of the amount that was stolen in crypto funds, which sums up to approximately $571 million, was taken by North Korean hackers.
Recorded Future, which is a security firm based in the United States, published reports on October 25, stating their findings that the North Korean Government had sponsored at least two bogus cryptocurrencies. The report titled “Shifting Patterns in Internet Use Reveal Adaptable and Innovative North Korean Ruling Elite” was presented by the research team Inskit Group at Recorded Future and it mentioned two alleged altcoin frauds that were connected to North Korea.
The first fraudulent crypto coin purportedly backed by North Korea was called Interstellar coin and it was discovered by Inskit Group in June this year. Reports state that the cryptocurrency has been renamed multiple times using various names such as HOLD, HUZU, or Stellar. The second coin, which is called Marie Chain coin, was found in a number of Bitcoin forums in August 2018. It was the same coin which apparently facilitated the tokenization of maritime vessels for various owners and users. It was stated to be fraudulent by the Canadian state of Ontario.
In a recent turn of events the North Korean hackers shifted to targeting individual holders of cryptocurrency as part of a new scheme by Pyongyang to mitigate the consequences of international sanctions that were placed on it.
Stealing cryptocurrency such as Bitcoin from individuals shows a shift from the previous thefts that were carried out on exchanges and financial institutions. International analysts stated that Pyongyang is attempting to find a new source of revenue as it is suffocating under the sanctions which target the country’s unsanctioned nuclear weapons programme.
An English-language media site South China Morning Post reported on November 29, that the CEO of a cyber-security firm called Cuvepia stated that his firm had detected more than thirty cyber-attacks on individuals who were holding cryptocurrencies and that the hacks were carried out hackers all of whom belonged to North Korea. Kwon Seol-Chul CEO of Cuvepia also stated that a lot of cases had gone undetected and that more than hundred attacks might have occurred.
Another reason behind the shift in the strategy of the North Korean hackers is due to the cyber-security enhancements that were implemented by various crypto exchanges and financial institutions. Simon Choi who is the founder of cyber warfare research company IssueMakersLab while talking about the hackers targeting individual crypto investors stated:
Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.
He also pointed out that the hackers were targeting rich South Koreans as they were of the belief that stealing from CEOs of financially rich firms and leaders of organizations would give them a chance to tap into billions of funds in virtual currencies.
Luke McNamara, who is an analyst at FireEye which is also a cyber-security company, laid down the information that the hackers possibly would have gotten a hold of the information about the wealthy people through previous hacks carried out on cryptocurrency exchanges.
Kaspersky Labs also claimed that in a similar hack North Korean hacker group called Lazarus Group had employed the first macOS virus to breach a crypto exchange. The North Korean had been very effective in their thefts. Their methods involved gathering intel to understand their targets so that it would be easy for them to create lures that were very specific to the target entities.
Experts have raised concern over North Korea’s strategies to steer away from the impact of international sanctions placed on it by the United States urging the global community to raise security and implement plans to tackle the North Korean cyber-crimes.