For several months speculation, supported by a variety of independent research reports, has been that the Democratic People’s Republic of Korea, a.k.a., North Korea, along with its network of professional hacking gangs, has been the driving force behind the billions of dollars of crypto exchange compromise losses. The Nikkei Asian Review broke the news story that “the Security Council’s North Korean sanctions team were informed that digital assets provide the Democratic People’s Republic of Korea with more ways to evade sanctions, given that they are harder to trace, and are relatively easy to launder across borders and through individuals deemed suspicious.”
A panel of security industry experts informed the U.N. Security Council that: “North Korea could have upwards of $670 million worth of currencies”, that the nation does not rightfully own. “This stockpile purportedly includes cryptocurrencies, presumably like Bitcoin and Ethereum.” The panel estimated that Asian exchanges had been hit at least five times from January 2017 to September 2018 for $571 million. The panel’s conclusion: Cryptocurrencies give the North Korea regime “more ways to evade sanctions, given that they are harder to trace, can be laundered many times and are independent from government regulation.”
Back in January, Chainalysis released a report that claimed that two hacking groups were responsible for 60% of all publicly reported hacks. As we reported: “Chainalysis was able to discover that at least $1 billion of total exchange hacking losses to date are the result of two separate hacking gangs, each with its own modus operandi and individual personality. One gang acts with haste and a sense of urgency, while the other waits until publicity has faded before cashing out. In both instances, each firm disguises their movement of funds by layering the activity among multiple exchanges and utilizing as many as 5,000 transfer transactions before converting to fiat currency for ready withdrawal.”
Suspicions at the time were that the Lazarus Group, along with support from the national intelligence agency of North Korea, was one, if not both, of the noted “hacking gangs.” The U.N. report does not attempt to tie these two reports together, but the implication is that there is correlation. Another report has also recently surfaced from the Group-IB, which does not back away from a direct accusation. Its report claims that: “The North Korea-based Lazarus hacker group is responsible for some of the crypto industry’s most-damaging hacks in the past 12 months.” They counted 14 hacks in total.
The Group-IB reports goes on to add: “the group is directly tied to the attacks on the following five cryptocurrency platforms — CoinCheck, YouBit, Coinis, Bithumb, and Yapizon. Interestingly enough, it was noted that Lazarus was likely not responsible for the recent hacks on the Zaif, Bancor, and Coinrail platforms.”
A formal submission of the report will follow shortly, but the overriding recommendation to prevent future attacks is that U.N. member states “enhance their ability to facilitate robust information exchange on the cyber-attacks by the Democratic People’s Republic of Korea with other governments and with their own financial institutions.”