South Korea’s spy agency says it suspects North Korean hackers staged several large-scale cyberattacks against cryptocurrency exchanges in the South, seeking to alleviate Bitcoin and other digital currencies to bypass the international sanctions against Pyongyang.
Kristian Rouz – South Korea’s counter-intelligence agency says Pyongyang had a hand in several cyberattacks against Bitcoin exchanges in Seoul. The attacks happened earlier this year, and resulted in the hackers obtaining cryptocurrency to the value of almost $7 mln at the time.
According to the South Korean National Intelligence Service (NIS), North Korean hackers breached user databases of Bitthumb – the nation’s largest cryptocurrency exchange – back in June. The hackers reportedly accessed personal information of up to 36,000 Bitthumb users.
The NIS also said North Korean hackers penetrated another cryptocurrency exchange, Coinis, in September.
The hackers then used the compromised information in order to move Bitcoin and other digital currencies from user accounts. The money has allegedly been used to finance North Korea’s nuclear and ballistic missile programs, and boost the country’s armaments production.
The NIS says hackers used the same code as that used by Lazarus back in 2014, when North Korean hackers compromised the computer systems of Sony.
This year’s cyberattacks also included the theft of Bitcoin and other digital currencies from the accounts of exchange Yapizon (now re-branded as Youbit).
Besides moving substantial sums of digital currencies out of the country, the hackers also requested a $5.5-million ransom from Bitthumb – in exchange for deleting the compromised personal information of its users.
Additionally, in October, hackers targeted another 10 cryptocurrency exchanges, by sending out e-mails containing malware. These attacks were prevented at an early stage by the Korean Internet Security Agency (KISA).
The malware used in these attacks is also the same as the viruses used in the 2014 and 2016 security breaches of the Bangladeshi central bank. The NIS also reported emails used in the October attacks are registered on North Korea’s Internet domain. The stolen cryptocurrency has since significantly increased in value, and is now worth $83 mln.
The evidence collected by the NIS will be passed to the prosecution, which will determine the further path of the investigation. The Bitthumb hack is being probed by the Supreme Prosecutors’ Office, whilst the thwarted October attacks are investigated by local law enforcement.
North Korea has reportedly intensified its cyber activities in response to the mounting international sanctions aimed at containing its nuclear ambitions. Earlier this year, cybercriminals attacked the British National Health Service (NHS), disrupting its work for almost a day. MI-6 suspects North Korea is involved with that case.