Cryptocurrency hacks are on the rise, with a notable increase in incidents involving state-affiliated or ideologically driven hacking groups. North Korea, in particular, faces scrutiny for its alleged role in these illicit activities. The escalating threat is compelling nations and multilateral institutions to collaborate on protective measures. Notably, security officials from the United States (US), South Korea, and Japan recently discussed North Korea's participation in cryptocurrency thefts alongside its nuclear and ballistic missile programmes.
The burgeoning use of cryptocurrency for nefarious activities is not a groundbreaking revelation. However, the intriguing element lies in state participation, exemplified by North Korea. Utilizing stolen cryptocurrency funds for potential nuclear program financing complicates global trust in crypto and, more importantly, emerges as a critical international security concern.
Growing menace
North Korea, known for its severe repression and limited progress in promoting economic, social, and cultural rights, is now steadily improving its state-sponsored capability to rob cryptocurrency organizations for funds, which poses a significant global threat.
Since 2017, North Korea has increasingly targeted the cryptocurrency industry, stealing an estimated US$3 billion worth of digital assets. Its operators have moved from draining accounts at traditional banks to draining exchanges and cross-chain bridges, a concerning trend in the evolving cybercrime landscape.
Traditional bank heists are most certainly part of North Korea's repertoire. Its suspected involvement in the 2016 theft of US$81 million from Bangladesh Bank, the country's central bank, raised concerns about a shift in cyberwarfare tactics. The attackers compromised the bank's own access to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) payment messaging system and sent fraudulent transfer instructions that led the Federal Reserve Bank of New York to move funds from the Bangladesh Bank account to accounts in the Philippines. Attacks on banks in Vietnam and Ecuador that came to light in the following months abused the SWIFT network in the same way, showing that the security of the SWIFT messaging system is only as strong as the endpoint of each member bank that connects to it.
The threat expands from conventional assets to cryptocurrency as the volume of money circulating within the ecosystem grows, as seen in the Ronin Network incident. On 29 March 2022, the network disclosed that 173,600 Ether (ETH) and 25.5 million USDC had been drained from its cross-chain bridge, worth about US$540 million at the time of the theft and then the second-largest crypto theft on record. The following month, the US Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions on the Ethereum address that received the stolen funds, identifying its owner as the Lazarus Group, a North Korean state hacking group. The case underlines the persistent threat from state-sponsored groups exploiting weaknesses in cryptocurrency infrastructure.
In June 2022, North Korean hackers stole about US$100 million in crypto assets from Horizon Bridge, the cross-chain bridge of the Harmony blockchain. The FBI's public attribution of that theft to North Korean actors underscores the ongoing global threat posed by state-sponsored hacking groups in the cryptocurrency ecosystem and the need for stronger cybersecurity measures. The January 2018 attack on the Japanese cryptocurrency exchange Coincheck, which siphoned off roughly US$530 million in NEM tokens, has never been officially attributed, although South Korea's National Intelligence Service suggested North Korea was involved.
North Korea's pursuit of hard currency involves stealing cryptocurrency outright or demanding ransom payments in Bitcoin and other cryptocurrencies, highlighting the regime's adaptability in exploiting digital assets for financial gain. To launder what it steals, North Korea has relied on prominent cryptocurrency mixers such as Blender.io and Tornado Cash, both of which OFAC later sanctioned. Its laundering network also involves buying online infrastructure with stolen funds and converting cryptocurrency into fiat currency through over-the-counter brokers, often Chinese nationals, a chain of steps that reveals the sophistication of North Korea's cyber operations.
Security as a cornerstone
The standard response is to impose sanctions and penalties on the nations and groups engaged in such activities. Given the sophistication of these attacks and the dynamic nature of the cryptocurrency ecosystem, predicting them is difficult, so it is imperative to build security mechanisms into the ecosystem itself. Anti-money laundering (AML) and countering the financing of terrorism (CFT) frameworks are implemented globally, but blatant theft of crypto assets for illicit purposes requires additional measures. One option worth exploring is a kill switch for immediate response to suspicious activity, such as a pause mechanism in bridge and exchange contracts that halts withdrawals when anomalous outflows are detected. Governments and enforcement agencies usually act after the fact, which leaves individuals with some responsibility for safeguarding their own cryptocurrency.
That said, governments and enforcement agencies can respond decisively when they do act. Within weeks of the Ronin breach, OFAC had sanctioned the Ethereum address holding the stolen funds, attributed it to the Lazarus Group, and the FBI was actively investigating the incident.
While individual responsibility is crucial, it does not negate the government's duty to safeguard its citizens. Starting with the basics, users should exercise extreme caution in cryptocurrency transactions, because crypto assets lack the institutional safeguards that protect against conventional fraud, and a confirmed on-chain transfer cannot be reversed. Hardware wallets are recommended for heightened security, since they keep the private key off the internet-connected machine, unlike "hot wallets" such as MetaMask that are continuously online. When a hardware wallet is linked to MetaMask, every transaction must be approved on the device itself, adding an extra layer of protection; the caveat is that the device only protects the key, so the user still has to read what they are signing rather than approving blindly. Users should also interact only with trustworthy decentralized applications (dApps) and verify smart contract addresses before approving a transaction, confirming that the address the dApp presents matches the one in the project's official documentation and that the contract's source is verified on a block explorer such as Etherscan. MetaMask and some app interfaces surface the address for this comparison, but the comparison itself is the user's job.
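The address check described above, as an added example that is not code from the original article: a Python script that implements keccak-256 and the EIP-55 mixed-case checksum, then vets the contract address a dApp asks the wallet to interact with against a locally pinned allowlist. The allowlist entries are the EIP-55 specification's test vectors used as placeholders rather than real dApp contracts, and the vet_contract_address function and its return shape are this example's own design.

```python
import re

# Keccak-f[1600] round constants and rho rotation offsets (standard tables).
ROUND_CONSTANTS = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# ROTATION[x][y]: rotation applied to lane (x, y) in the rho step.
ROTATION = [
    [0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
    [28, 55, 25, 21, 56], [27, 20, 39, 8, 14],
]
MASK64 = (1 << 64) - 1


def _rol(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(lanes):
    """One Keccak-f[1600] permutation over 25 little-endian 64-bit lanes (index x + 5*y)."""
    for rc in ROUND_CONSTANTS:
        # theta: mix each lane with the parity of two neighbouring columns
        c = [lanes[x] ^ lanes[x + 5] ^ lanes[x + 10] ^ lanes[x + 15] ^ lanes[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [lanes[i] ^ d[i % 5] for i in range(25)]
        # rho + pi: rotate each lane and move it to position (y, 2x + 3y)
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(lanes[x + 5 * y], ROTATION[x][y])
        # chi: non-linear step along each row
        lanes = [b[x + 5 * y] ^ (~b[(x + 1) % 5 + 5 * y] & b[(x + 2) % 5 + 5 * y])
                 for y in range(5) for x in range(5)]
        # iota: break symmetry between rounds
        lanes[0] ^= rc
    return lanes


def keccak256(data: bytes) -> bytes:
    """Ethereum's keccak-256: original Keccak padding (0x01), not SHA3-256's 0x06 byte."""
    rate = 136  # bytes per block; capacity 512 bits
    padded = bytearray(data) + b"\x01"
    padded += b"\x00" * (-len(padded) % rate)
    padded[-1] |= 0x80
    state = [0] * 25
    for off in range(0, len(padded), rate):  # absorb
        for i in range(rate // 8):
            state[i] ^= int.from_bytes(padded[off + 8 * i: off + 8 * i + 8], "little")
        state = _keccak_f(state)
    return b"".join(state[i].to_bytes(8, "little") for i in range(4))  # squeeze 32 bytes


def to_checksum_address(addr: str) -> str:
    """EIP-55: upper-case hex digit i when nibble i of keccak256(lowercase hex body) is >= 8."""
    body = (addr[2:] if addr.startswith("0x") else addr).lower()
    digest = keccak256(body.encode("ascii")).hex()
    return "0x" + "".join(ch.upper() if int(digest[i], 16) >= 8 else ch for i, ch in enumerate(body))


ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed allowlist: pin the checksummed addresses of the contracts you actually use, copied
# from the project's documentation and cross-checked on a block explorer. These two entries are
# EIP-55 test vectors standing in as placeholders; they are not real dApp contracts.
PINNED_CONTRACTS = frozenset({
    "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed",
    "0xfB6916095ca1df60bB79Ce92cE3Ea74c37c5d359",
})


def vet_contract_address(addr: str, pinned=PINNED_CONTRACTS):
    """Return (ok, detail) for a contract address a dApp asks the wallet to send a transaction to."""
    if not ADDRESS_RE.match(addr):
        return False, "malformed: expected 0x followed by 40 hex digits"
    body = addr[2:]
    expected = to_checksum_address(addr)
    # An all-lower or all-upper address carries no checksum; only mixed case can be verified.
    if body != body.lower() and body != body.upper() and addr != expected:
        return False, "EIP-55 checksum mismatch: address was mistyped or altered in transit"
    if expected not in pinned:
        return False, "not pinned: confirm in project docs and on a block explorer before approving"
    return True, expected


if __name__ == "__main__":
    for candidate in ("0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed",   # pinned, checksum valid
                      "0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAeD",   # one letter's case flipped
                      "0x5aaeb6053f3e94c9b9a09f33669435e7ef1beaef"):  # look-alike, not pinned
        print(candidate, vet_contract_address(candidate))
```

The checksum only catches transcription and single-character tampering, and only when the address is presented in mixed case; an attacker who controls the page can present a correctly checksummed address of their own, which is why the pinned allowlist, populated from sources outside the dApp, is the decisive check.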
Regulators must continually evaluate new entrants in the cryptocurrency space, ensuring they are licensed, operate exchanges that meet current security standards, and comply with the nation's security regulations. The surge in cryptocurrency hacks orchestrated by state-affiliated groups underscores the need for a worldwide response to safeguard digital assets, which in turn contributes to global peace.
North Korea's involvement in both traditional bank heists and cryptocurrency theft underscores the need for stronger cybersecurity. The dynamic cryptocurrency landscape requires proactive security measures, and collaboration between nations, institutions, and individuals is crucial for formulating safeguards. Regulators play a pivotal role in assessing new entrants and ensuring compliance, and all parties must address cryptocurrency security collectively. Billions of dollars in cryptocurrency have already been stolen, yet remarkably, this problem is still in its infancy. Proactive measures must be formulated before the situation gets out of hand.