North Korean hackers stole $659 million in cryptocurrency

Joint statement from US and South Korea highlights ‘significant threat’ to global blockchain companies

North Korean state-backed hackers have stolen millions of crypto assets in multiple heists. These heists were part of a larger program of malicious activity funding the North Korean regime.

The governments of the United States and South Korea issued a joint statement statement accusing North Korean state-backed hacking groups of stealing more than $659 million in cryptocurrency in multiple heists. The statement also warns that these groups, affiliated with the Democratic People’s Republic of Korea (DPRK), remain a significant threat to blockchain companies around the world.

The joint statement said: “As recently as September 2024, the United States government observed aggressive targeting of the cryptocurrency sector by the DPRK with well-disguised social engineering attacks that ultimately deploy malware, such as such as TraderTraitor, AppleGames and others. and Japan have observed similar trends and tactics used by the DPRK.

The statement also highlighted the broader implications of these cyberattacks. “The DPRK’s cyber program threatens our three countries and the international community as a whole and particularly poses a significant threat to the integrity and stability of the international financial system.” he said.

North Korea’s involvement in the July 2024 attack on India’s largest Bitcoin exchange, WazirX, which resulted in losses of $235 million, was also confirmed in the statement. Other major breaches attributed to DPRK-linked hackers include last year’s attacks on DMM Bitcoin ($308 million), Upbit ($50 million), Rain Management ($16.13 million), and Radiant Capital ($50 million).

Harnessing remote IT work

Beyond cryptocurrency heists, the DPRK’s tactics include infiltrating private companies under the guise of remote IT employees. U.S., South Korean and Japanese agencies have repeatedly warned of North Koreans posing as U.S.-based IT professionals by taking advantage of U.S. laptop fleets to access corporate networks.

North Korean IT agents, who call themselves “cyber warriors,” have been trained to conceal their true identities in order to gain employment at companies around the world. Some, like one recently employed by cybersecurity firm KnowBe4 as a senior software engineer, have managed to successfully pass extensive hiring processes, including background checks, reference checks and video interviews. Using stolen identities and AI tools, this individual attempted to install malware on company devices shortly after being hired.

In some cases, these agents have exploited privileged access to extort former employers, threatening to release sensitive information if their demands are not met.

The U.S. State Department responded by offering up to $5 million for tips that could disrupt the operations of North Korean front companies, including Yanbian Silverstar and Volasys Silverstar. Over the past six years, these entities have allegedly generated more than $88 million through fraudulent remote IT work schemes.

“The United States, Japan, and the Republic of Korea advise private sector entities, particularly in the blockchain and self-employment sectors, to carefully review these notices and announcements to better inform mitigation measures cyber threats and mitigate the risk of inadvertently hiring IT workers from the DPRK. concludes the joint statement.

Want to know more? Computer science It is Cybersecurity Festival returns to London in May, where senior IT decision-makers can learn about modern challenges, compare strategies with their peers and find solutions. Click here to register for free.