North Korean hackers linked to the Lazarus group have intensified their illegal activities in the world of cryptocurrencies in recent months, according to an analysis by Elliptic Research. The report indicates that in a period of 104 days, they carried out five attacks on cryptocurrency wallets and protocols, which resulted in the theft of around $240 million. The FBI has confirmed the group's responsibility for four of these attacks, and everything indicates that the money, once “laundered”, is used to finance the Kim Jong-un regime.

The attacks occurred between June 3 and September 12 and targeted various crypto platforms: Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million) and Stake.com ($41 million). The last of the five attacks, the one against CoinEx on September 12, has not been confirmed by the FBI.

Elliptic’s investigations suggest that the stolen funds were directed to addresses previously used by Lazarus, reinforcing suspicion of the group's involvement. This theory is also supported by on-chain researcher ZachXBT, who explained on his Twitter account that the CoinEx hacker had “accidentally connected his address with the Stake hack.”

This return of Lazarus to the cryptocurrency cyberattack scene marks a change in their strategy, as they had previously focused on decentralized finance protocols. They now appear to be targeting centralized platforms, possibly due to the increased viability of social engineering attacks against these targets.

This change is in line with what a confidential United Nations report, to which Reuters had access, pointed out last year. The document detailed that North Korea continued to develop its nuclear programs during 2021 and that these cyberattacks were an important source of income for Pyongyang.

Furthermore, another UN report, produced in 2019, pointed out that North Korea was guilty of the theft of 1.75 billion euros in crypto assets to continue financing its nuclear program. “Large-scale attacks against cryptocurrency exchanges allow the Democratic People’s Republic of Korea (DPRK) to generate revenue in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector,” the document stated.

North Korea has not commented on this wave of attacks. For now, the world of cryptocurrencies faces a crossroads and must reevaluate its security protocols to protect against threats from the digital underworld. The CoinEx heist is not only a warning to this community, but also a wake-up call to the entire world about the risks of hacker activities backed by rogue states in the digital age.