The Democratic People’s Republic of Korea has been largely cut off from the international community due to its position as a totalitarian socialist state. This has led to severe economic distress thanks to the twofold effect of a punishing international sanctions regime and having almost no trading partners. Not surprisingly, North Korea has reportedly been looking into other ways of generating income — with stealing crypto currently a hot favourite.
In terms of its hacking history, North Korea is no shrinking violet. In the past decade, for example, the state-sponsored hacking outfit Lazarus Group (known to U.S. authorities as Hidden Cobra) is alleged to have been involved in several large-scale cyber attacks that primarily targeted the U.S. and South Korea. These attacks have included a DDoS attack on major South Korean and U.S. websites, several attacks on financial institutions and media outlets, and a highly publicized attack on Sony in 2014.
Hacking South Korea for Bitcoin
As of 2017, North Korea’s cybercriminals have started to focus their attention on cryptocurrencies as a new source of funds for the beleaguered regime. According to a report by threat intelligence provider Recorded Future, the Lazarus Group has been targeting South Korean Bitcoin exchanges and Bitcoin users with the purpose of stealing cryptocurrency holdings through spear phishing campaigns against exchange employees and individual users throughout 2017.
The first reported North Korean hack of a South Korean Bitcoin exchange happened in February 2017 when Bithumb was hacked for around $7 million worth of cryptocurrency at the time. Throughout the year, numerous successful cryptocurrency cyber thefts occurred in South Korea, including at the Bitcoin exchange Youbit, which was forced to declare bankruptcy after 17 percent of its total assets were stolen.
The WannaCry ransomware attack
In May 2017, the global ransomware attack commonly known as WannaCry was also said to have been conducted out of North Korea in an attempt to generate income through Bitcoin ransom payments. During the WannaCry attack, numerous international corporations and public sector institutions were affected and forced to pay a Bitcoin ransom to regain access to their systems. In total, over 400,000 machines were affected by the malware worldwide.
While the attackers only managed to earn $120,000 worth of Bitcoin in ransom payments, the attacks nonetheless caused havoc for organizations such as the Deutsche Bundesbahn (DB) and the National Health Service (NHS) in the United Kingdom.
Kim Jong-un’s mining pool
Stealing cryptocurrencies from exchanges and wealthy users is not the only cryptocurrency-related activity that North Korean hackers are allegedly involved in. North Korea has also become an avid user of web-based Monero (XMR) mining malware, which mines the anonymous cryptocurrency using the CPU power of visitors to particular websites, without their knowledge.
This month investigators revealed the mining malware was sending the mined Monero to an address at the Kim Il Sung University in Pyongyang, North Korea. But this was not the first time Monero has been mined online by North Korean hackers. A hacker group named Bluenoroff mined Monero on compromised servers while attempting to steal funds from a financial institution — and another group named Andariel mined Monero on the network of a South Korean corporation, according to a report by cybersecurity company AlienVault.
Monero web mining software has been made popular by CoinHive, which promotes web-based Monero mining as an alternative monetization stream for websites that prefer not to run adverts. However, if users of a site are not made aware of the Monero mining script that is using up their CPU power, the use of this software is considered malicious.
Potential wider implications of North Korean hacking?
These revelations raise the question: how will lawmakers in countries such as the United States and South Korea react given that North Korea is actively trying to increase the funds in its war chest using cryptocurrencies? South Korea has emerged as one of the biggest Bitcoin trading markets in the world. Today, the South Korean won is the third most traded fiat currency against Bitcoin. This has led South Korean regulators to step in and ban initial coin offerings within the country's borders, along with anonymous cryptocurrency trading.
The United States has not announced any sweeping cryptocurrency regulations yet. However, should the Trump administration become concerned about the link between North Korea and cryptocurrencies, this could abruptly change. If the allegations that North Korea is behind numerous cryptocurrency exchange hacks turn out to be true, or are considered to be true by the U.S. authorities, the current administration might use this as a justification for imposing harsh regulations on cryptocurrency trading in general and on U.S.-based blockchain ventures.
Due to the digital nature of cryptocurrencies, they have been a popular target for hackers from day one. From Bitcoin’s inception in 2009 until March 2015, around one third of cryptocurrency exchanges were hacked, according to a study funded by the U.S. Department of Homeland Security. Despite increases in cybersecurity measures by exchanges and the increased use of hardware wallets by Bitcoin users, the risk of cyber theft remains high. Whether more countries suffering under economic sanctions will resort to cryptocurrency cyber theft to fund their treasuries remains to be seen — but in today’s tech-driven world, it’s certainly within the realm of possibility.