According to cybersecurity firm Inksit Group, state-funded hackers in North Korea have been targeting crypto exchanges in South Korea to circumvent various sanctions imposed on the regime.
The security firm alleged the government of North Korea of running illicit initial coin offering (ICO) projects and breaching into large crypto exchanges.
“We discovered that North Korea’s ruling elite are technologically savvy, use a full range of older and cutting-edge computers, phones, and devices, use the internet as a tool for sanctions circumvention, and recently shifted to embrace Chinese social networking services over Western ones,” the Inksit Group said.
Why North Korea is Targeting Cryptocurrency
Like Iran, North Korea is isolated from the SWIFT network, the global financial system which international banks utilize to process cross-border payments. Consequently, it has become significantly difficult for North Korea to trade products and conduct businesses with international companies.
In January, Inksit Group and Recorded Future claimed that North Korea was behind several high profile security breaches suffered by South Korea’s cryptocurrency exchanges.
In a report entitled “North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign,” the cybersecurity firm stated that identical malware used in the Sony Pictures hacking attack and WannaCry ransomware was used in breaching into Coinlink, a local cryptocurrency exchange.
At the time, Inksit Group alleged Lazarus Group, a state-supported hacking organization in North Korea, for taking part in the Bithumb attack. Lazarus Group is suspected of having distributed Hangul Word Processor (HWP) files, which are equivalent to Microsoft Word documents in South Korea, to target employees of crypto exchanges.
This week, Inksit Group emphasized that the North Korean regime has continued to target local cryptocurrency trading platforms in South Korea.
“Broadly, these types of cryptocurrency scams fit the template of low-level financial crime described by defectors that has plagued South Korea for years, and that the international community is just beginning to track. It is a natural step for both a group of actors that has been so embedded in the cryptocurrency world for years and for a network that is being forced to innovate new funding streams to counter the effects of international sanctions.”
The report also alleged North Korea for running a fraudulent ICO project called Marine Chain. The researchers stated that a network of North Korea “enablers” in Singapore created various ICO scams including HOLD.
Capt. Foong, who was listed as the CEO of Marine Chain at the time of the token sale, is said to be a contractor to several Singaporean countries that helped North Korea sanctions circumvention efforts for over five years.
“The companies Capt. Foong has worked for have been linked to manipulating the national flag registries for three countries, which were frequently used as flags of convenience for North Korean vessels,” the report read.
Aware of the efforts of hacking groups targeting cryptocurrency exchanges in South Korea, several government agencies have required digital asset trading platforms to focus on the implementation of strong security measures to prevent breaches and obtain insurance to protect user funds.
Bithumb, the largest cryptocurrency exchange in South Korea by trading volume, was hacked less than four months ago by the same hacking method it suffered from in July of 2017