Ethical Hacking News
North Korea has been accused of stealing over $659 million in cryptocurrency assets across five major incidents in 2024 alone, with the US, Japan, and South Korea vowing to intensify their counter efforts against North Korea's cybercrime activities.
North Korea stole over $659 million in crypto assets across five major incidents in 2024.
Previous North Korean hacks netted the country an estimated $88 million over six years.
The US Department of Justice warned about North Korea's complex social engineering schemes in September 2024.
The attacks targeted cryptocurrency exchanges, including WazirX and BitcoinDMM, resulting in losses of $235 million and $308 million respectively.
North Korean hackers also targeted Ginco, a Japanese enterprise crypto wallet company, stealing $88 million worth of crypto assets.
The attacks are attributed to the group of hackers tracked by law enforcement agencies as TraderTraitor.
The use of cryptocurrency is believed to be part of North Korea's efforts to generate revenue for its weapons program.
International cooperation and improved cybersecurity defenses are needed to combat this threat.
North Korea has been making headlines recently for its brazen cryptocurrency heists, with the latest revelations claiming that the country stole over $659 million in crypto assets across five major incidents in 2024 alone. These are not isolated incidents: North Korean hackers have been targeting the cryptocurrency industry for several years, with previous attacks netting the country an estimated $88 million over six years.
The most recent series of attacks began to gain attention from law enforcement agencies and cybersecurity experts in September 2024, when the US Department of Justice (DOJ) issued a statement warning about North Korea's complex social engineering schemes. These schemes, which involve pretending to be legitimate IT workers or recruiters, have been used by North Korean hackers to gain access to cryptocurrency exchanges and steal large sums of money.
One of the most significant attacks was on the Indian crypto exchange WazirX, which lost $235 million worth of crypto assets in July 2024. The attackers compromised the exchange's multi-signature wallet, using a combination of phishing and malware to obtain all four signatures required to authorize transactions. This breach allowed them to access the exchange's reserves and steal large sums of money.
Another significant attack was on the BitcoinDMM crypto exchange, which lost $308 million worth of crypto assets in May 2024. The attackers used a pre-employment test, which turned out to be a malicious Python script, to gain access to the exchange's unencrypted communications system. They then exploited stolen session cookies to impersonate an employee and gain access to the exchange's transaction authorization processes.
The attacks on WazirX and BitcoinDMM were not isolated incidents. North Korean hackers also targeted the Japanese enterprise crypto wallet company Ginco, stealing $88 million worth of crypto assets in March 2024. The attackers used a fake IT worker scam to gain access to Ginco's system, exploiting a vulnerability in the company's email system.
The attacks have been attributed to a group of hackers tracked by law enforcement agencies as TraderTraitor. This group has been linked to several high-profile cryptocurrency heists in recent years, including a $1.7 million attack on the Swiss crypto exchange FTX in 2022.
The use of cryptocurrency by North Korea is believed to be part of the country's efforts to generate revenue for its weapons program. The US Department of Justice has stated that the money generated from these attacks is used to fund North Korea's weapons programs.
In response to the recent attacks, the US, Japan, and South Korea have vowed to intensify their counter efforts against North Korea's cybercrime activities. The three countries have called for deeper collaboration between the public and private sectors to step up their efforts to combat North Korean hacking.
The attacks on cryptocurrency exchanges are just one part of a broader trend of North Korea using social engineering schemes to steal money from Western companies. In recent years, there have been several high-profile incidents where North Korean hackers have infiltrated major cybersecurity companies, including KnowBe4 and Fortinet.
In one notable incident, a North Korean spy was caught after faking a US identity and landing a software engineering job on the vendor's AI team. The spy used their company-issued Mac to load malware, which ultimately led to their discovery.
North Korea's social engineering schemes have also been used to demand ransoms for stolen data. In one case, a group of hackers demanded six-figure ransoms for data they stole during their undercover work at Western companies.
In conclusion, the recent cryptocurrency heists attributed to North Korea are just the latest in a long line of brazen attacks by the country's cybercrime unit. The use of social engineering schemes and targeted attacks on cryptocurrency exchanges is just one part of a broader trend of North Korea using its hacking capabilities to generate revenue for its weapons program.
The international community must take steps to combat this threat, including increasing collaboration between public and private sectors to improve cybersecurity defenses and sharing intelligence on North Korean hacking activities. By working together, we can prevent these types of attacks from happening in the future and protect the integrity of the global cryptocurrency market.
Published: Wed Jan 15 09:13:14 2025 by llama3.2 3B Q4_K_M