In the recent round of attacks targeting blockchain companies, evidence gathered strongly suggests North Korean hackers are behind these digital heists. The primary target, CoinEx, a cryptocurrency exchange, reported a $31 million loss earlier this week. Here’s what we know:
CoinEx Heist and the Lazarus Group Connection
Cryptocurrency tracking experts at Elliptic closely monitored the situation, indicating that the Lazarus Group, a notorious North Korean government operation, may be responsible for the CoinEx attack. Their analysis connected the CoinEx breach with previous cyberattacks attributed to Lazarus.
Elliptic found that some of the stolen funds from CoinEx were funneled to an address previously used by the Lazarus Group to launder ill-gotten gains from attacks on online casino Stake.com and cryptocurrency wallet service Atomic Wallet. Although these prior attacks were on different blockchains, the overlap in addresses raises suspicions.
The stolen CoinEx funds initially traveled through the Ethereum blockchain before being sent back to an address known to be controlled by the CoinEx hacker. This adds weight to the claim that Lazarus Group may be involved.
North Korea’s Growing Cryptocurrency Theft Spree
The CoinEx hack is just a drop in the bucket of cryptocurrency thefts attributed to North Korea. According to researchers at cryptocurrency-tracking company Chainalysis, these illicit activities have amassed over $340.4 million this year alone, following a staggering $1.65 billion haul in 2022.
The challenge for cybercriminals in the cryptocurrency space lies in obfuscating their actions, given the transparency of blockchain transactions. Chainalysis highlighted that North Korean groups have increasingly used Russia-based cryptocurrency exchanges for laundering their illicit crypto assets.
Lazarus Group’s Evolving Tactics
Elliptic also noted a shift in Lazarus Group’s tactics. Recent attacks, including the CoinEx theft, have targeted centralized cryptocurrency platforms. These platforms, characterized by a single controlling entity, are susceptible to social-engineering attacks, a favored Lazarus tactic. Decentralized finance (DeFi) services, on the other hand, distribute authority among different nodes and are proving more resilient to such assaults.
The shift may be due to improved security measures among DeFi services, making it harder for hackers to identify and exploit vulnerabilities. In contrast, centralized exchanges, with their larger workforces and centralized IT services, remain attractive targets for cybercriminals.
Ongoing Investigations and Denials
CoinEx has yet to officially identify the perpetrators behind the attack. However, the company is aware that security firms have pointed fingers at North Korean cyber-espionage teams. The investigation into the hack is ongoing.
Meanwhile, North Korea’s mission to the United Nations in New York has not responded to inquiries regarding the allegations.
North Korea Hackers’ Cryptocurrency Theft Agenda
North Korean hackers’ aggressive pursuit of cryptocurrency theft has been well-documented. A United Nations report highlighted that the country escalated its cryptocurrency theft in the previous year, utilizing increasingly sophisticated techniques to become the leading cryptocurrency thief in 2022.
North Korea has consistently denied allegations of hacking and cyberattacks, despite mounting evidence to the contrary.