朝鲜黑客涉嫌重大加密货币劫案

CategoryInstitution

North Korean Hackers Suspected in Major Cryptocurrency Heists is tracked as a internet infrastructure institution within the internet infrastructure ecosystem.

RegionAsia Pacific

North Korean Hackers Suspected in Major Cryptocurrency Heists has public-source relevance to network operations, governance, dependency mapping, or market structure.

Signal FocusMarket

North Korean Hackers Suspected in Major Cryptocurrency Heists has public-source relevance to network operations, governance, dependency mapping, or market structure.

Content TypePROFILE

North Korean Hackers Suspected in Major Cryptocurrency Heists is tracked as a internet infrastructure institution within the internet infrastructure ecosystem.

Primary DomainSecurity

Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.

TopicMarket

ImpactMedium

Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.

Confidence?Limited confidence (82%)

Several public sources

图片来源：Freepik

在近期针对区块链公司的一系列攻击中，收集到的证据强烈表明朝鲜黑客是这些数字抢劫的幕后黑手。主要目标CoinEx——一家加密货币交易所，本周早些时候报告称损失了3100万美元。以下是我们目前掌握的情况：另见: Ziggo集团任命领导人，备战2027年阿姆斯特丹上市.

CoinEx劫案与Lazarus集团的关联 另见: Alejandro Estua.

加密货币追踪公司Elliptic的专家密切监视了事态发展，指出臭名昭著的朝鲜政府操控的Lazarus集团可能对CoinEx攻击负责。他们的分析将此次CoinEx入侵事件与此前归因于Lazarus的网络攻击联系了起来。另见: 亚历杭德罗·曼佐.

Elliptic发现，从CoinEx窃取的部分资金被转移到了一个地址，而该地址此前曾被Lazarus集团用于清洗从在线赌场Stake.com和加密货币钱包服务Atomic Wallet攻击中获得的非法收益。尽管此前的攻击发生在不同的区块链上，但地址的重叠引发了怀疑。另见: 亚历杭德罗·埃尔南德斯.

被盗的CoinEx资金最初通过以太坊区块链转移，随后被发送回一个已知由CoinEx黑客控制的地址。这增加了Lazarus集团可能参与其中的可信度。另见: 亚历杭德罗·加尔萨.

朝鲜日益猖獗的加密货币盗窃潮 另见: Alejandro Guerrero.

CoinEx黑客事件只是归因于朝鲜的众多加密货币盗窃案中的冰山一角。据加密货币追踪公司Chainalysis的研究人员称，仅今年一年，这些非法活动就已累积超过3.404亿美元，而2022年的盗窃金额更是高达惊人的16.5亿美元。另见: Alec Gramont.

鉴于区块链交易的透明性，加密货币领域网络犯罪分子面临的挑战在于如何混淆其行为。Chainalysis强调，朝鲜组织越来越多地利用位于俄罗斯的加密货币交易所来清洗其非法加密资产。另见: AI芯片通胀：设备制造商受挤压，影响超越数据中心.

Lazarus集团不断演变的战术

Elliptic还注意到Lazarus集团的战术发生了转变。包括CoinEx盗窃案在内的近期攻击均以中心化加密货币平台为目标。这些平台的特点是存在单一控制实体，容易受到Lazarus惯用的社会工程学攻击。而去中心化金融（DeFi）服务则将权限分散到不同节点之间，对此类攻击表现出更强的抵御能力。

这种转变可能是因为DeFi服务改进了安全措施，使黑客更难发现和利用漏洞。相比之下，中心化交易所拥有庞大的员工队伍和集中的IT服务，仍然是网络犯罪分子的诱人目标。

正在进行的调查与否认

CoinEx尚未正式确认此次攻击的幕后黑手。但该公司已注意到，多家安全公司已指认朝鲜网络间谍团队应对此事负责。有关此次黑客事件的调查正在进行中。

与此同时，朝鲜驻纽约联合国代表团尚未就这些指控回应置询。

朝鲜黑客的加密货币盗窃议程

朝鲜黑客对加密货币盗窃的疯狂追逐已有大量记录。一份联合国报告强调，该国在过去一年中升级了加密货币盗窃行动，利用日益复杂的技术，在2022年成为首屈一指的加密货币盗窃者。

尽管越来越多的证据指向相反方向，朝鲜一直否认黑客和网络攻击指控。

Domain of operation

North Korean Hackers Suspected in Major Cryptocurrency Heists is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

Public role: North Korean Hackers Suspected in Major Cryptocurrency Heists is framed by north korean hackers suspected in major cryptocurrency heists is tracked as a internet infrastructure institution within the internet infrastructure ecosystem. and public security context. Evidence basis: North Korean Hackers Suspected in Major Cryptocurrency Heists article record; North Korean Hackers Suspected in Major Cryptocurrency Heists article record
Operating surface: Market and Asia Pacific provide the public context for this institution profile. Evidence basis: North Korean Hackers Suspected in Major Cryptocurrency Heists article record; North Korean Hackers Suspected in Major Cryptocurrency Heists article record

Timeline

08 Jun 2026
North Korean Hackers Suspected in Major Cryptocurrency Heists public profile updated
Public coverage records North Korean Hackers Suspected in Major Cryptocurrency Heists as a subject for role, operating context, and evidence review.

At A Glance

Name: North Korean Hackers Suspected in Major Cryptocurrency Heists
Type: Internet infrastructure institution
Base: Asia Pacific
Profile focus: Institution

What It Does

Public records support monitoring of its role, services, and key relationships.

Why It Matters

Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.
Operational criticality: Medium
Time horizon: Next quarter

What To Watch

Monitoring focuses on verified service continuity, governance changes, and relationship signals.

NowMedium priority

Track verified source updates, role changes, and current public evidence.

QuarterMedium policy sensitivity

Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.

YearNext quarter outlook

Longer-term relevance depends on verified operating, policy, and relationship changes.

Member Briefing

Deeper Profile Context

Only for Strategy Circle

Strategic Circle Access

Open to all readers. Unlock profile briefings after joining and logging in.

Join Strategic Circle

Only for Leadership Alliance

Leadership Alliance Access

For owners and management of IP-holding companies. Login required to unlock.

Join Leadership Alliance

Public View

The public read of North Korean Hackers Suspected in Major Cryptocurrency Heists is limited to visible role, operating context, and relationship evidence.

Watchpoints

New public role, affiliation, product, policy, or market disclosures.
Verified relationship changes involving named organizations or people.

Caveats

Private or unverified claims are excluded from this public view.

FAQ

Why is North Korean Hackers Suspected in Major Cryptocurrency Heists included?

North Korean Hackers Suspected in Major Cryptocurrency Heists has public evidence that makes the institution relevant to BTW's coverage of digital infrastructure, governance, or markets.

What is public about this profile?

The public layer covers visible role, operating context, linked organizations, and evidence-backed watchpoints.

What should readers watch next?

Readers should watch for source-backed role changes, new partnerships, regulatory exposure, operating expansion, or evidence that changes the public assessment.

← Back All Companies

0.90–1.00	A	High — direct sources
0.75–0.89	A/B	Strong
0.55–0.74	B/C	Medium
0.35–0.54	C/D	Weak–medium
0.10–0.34	D	Weak signal
0.00–0.09	D	Internal monitoring

North Korean Hackers Suspected in Major Cryptocurrency Heists