“One of the most formidable hacking armies in the world” is now believed to be targeting the crypto holdings of individuals, particularly wealthy ones, the South China Morning Post (SCMP) reports.
North Korean hackers have been identified by Group IB and others as the likely culprits behind the hacks on the Youbit and Coincheck exchanges, which together lost $571 million in cryptocurrencies across several incidents this year and last.
Youbit shut down after a second successful hack on its holdings.
Enhanced security at hack-weary exchanges previously favoured by North Korea’s Lazarus Group means the group is now believed to be turning to the crypto stashes of wealthy individuals instead.
The CEO of South Korean cybersecurity firm Cuvepia, Kwon Seok-chul, told the SCMP that his firm has detected 30 such recent attacks on individuals, though he estimates the true number may be closer to 100.
“They are just simple wallet users investing in cryptocurrency,” he said.
The cybersecurity firm Kaspersky Lab has previously linked Lazarus Group to the attempted $951 million USD heist at Bangladesh Bank in 2016, in which $81 million was actually taken, and to other attacks on banks in developing countries.
After the bank hacks, Kaspersky says, Lazarus Group moved on to cryptocurrency exchanges.
The apparent switch to high net-worth individual holders of crypto suggests the group is still under pressure to produce illicit revenues for the North Korean state, SCMP reports.
The North Korean economy is notoriously weak and is now further beleaguered by UN, US and other sanctions levied in an attempt to deter the country’s nuclear program.
A source has described to Crowdfund Insider a recruiting process in North Korea in which talented young people are selected and given a superlative education in languages and programming so that they may one day fill the cell’s ranks.
But Lazarus Group is not the only hacking entity targeting wealthy crypto holders around the globe.
Members of the Silicon Valley REACT task force recently arrested a young man in New York and charged him with hijacking a Silicon Valley executive’s phone number (a SIM-swap attack, in which the carrier is tricked into moving the number to the attacker’s SIM so that SMS-based login codes go to the attacker) in order to steal $1 million in crypto from the executive’s Coinbase and Gemini cryptocurrency exchange accounts.
The attacks on individual crypto investors in Korea, however, appear to be email “spearphishing” attacks. These are preceded by a reconnaissance step (often described as “social engineering”) in which personal information about the target is gathered, from social media profiles for instance, so that the lure can be tailored to the victim.
Once profiled, the target is sent an email crafted to entice them into clicking a link that delivers malware, giving the attackers control of the device.
At a recent cybersecurity conference in Las Vegas, a researcher told the story of an exchange employee and dog lover enticed by a phishing email to click on an infected link for a fictitious “nearby” dog show. The exchange was subsequently hacked.
Hackers created an elaborate fake website for the “dog show,” and have been known to create equally elaborate fake sites in other hacks.
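As an added example (not code from the article, the SCMP report or any of the firms it names), the script below applies the link checks a practitioner would run on a suspected lure of the kind described above: it pulls every link out of the email body, then flags plain-http links, URL shorteners, raw IP or punycode hosts, visible text that shows one URL while the href points elsewhere, a trusted domain buried as a subdomain of an unrelated site, and close misspellings of domains the recipient actually uses. The trusted-domain allowlist, the shortener list and the sample “dog show” message are constructed for illustration, and the domain handling is deliberately naive (last two labels only).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: the domains this particular investor really uses.
TRUSTED_DOMAINS = {"coinbase.com", "gemini.com", "trezor.io"}
# Common shorteners; lures often hide the real destination behind one.
URL_SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl"}

URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    """Naive eTLD+1: the last two labels. Assumption: no co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character domain misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, text):
    """Return the reasons this link looks like a lure; an empty list means no finding."""
    findings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    reg = registrable_domain(host) if host else ""

    if parsed.scheme == "http":
        findings.append("insecure http link")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode hostname (possible homograph)")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("raw IP address as host")
    if reg in URL_SHORTENERS:
        findings.append("URL shortener hides destination")

    # Visible text advertises one site while the href goes to another.
    shown = URL_IN_TEXT.search(text)
    if shown:
        shown_url = shown.group(0)
        if not shown_url.lower().startswith("http"):
            shown_url = "http://" + shown_url
        shown_reg = registrable_domain(urlparse(shown_url).hostname or "")
        if shown_reg and shown_reg != reg:
            findings.append(f"display text shows {shown_reg} but link goes to {reg}")

    # Trusted brand embedded as a subdomain, or a near-miss spelling of it.
    if reg and reg not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
                findings.append(f"trusted domain {trusted} used as a subdomain of {reg}")
            elif levenshtein(reg, trusted) <= 2:
                findings.append(f"{reg} is a lookalike of {trusted}")
    return findings


def scan_email(html):
    """Map each suspicious href in the message to its findings."""
    report = {}
    for href, text in extract_links(html):
        findings = check_link(href, text)
        if findings:
            report[href] = findings
    return report


# Constructed sample lure modelled on the "dog show" story; not a real message.
SAMPLE_EMAIL = """
<p>Hi Alex, loved the Shiba photos! There is a dog show near you this weekend.</p>
<p><a href="http://dogshow-registration.example.net/register">Register for the dog show</a></p>
<p>Also, your account needs verification:
<a href="https://coinbase.com.login-verify.example.net/">https://www.coinbase.com/account</a></p>
<p><a href="https://coinbasse.com/verify">Verify now</a> or see
<a href="https://bit.ly/3abcde">prize details</a>.</p>
<p>Your real exchange: <a href="https://www.gemini.com/">Gemini</a></p>
"""

if __name__ == "__main__":
    for link, reasons in scan_email(SAMPLE_EMAIL).items():
        print(link)
        for reason in reasons:
            print("   -", reason)
```

Run on the sample, the genuine Gemini link produces no finding while the other four are each flagged for a different reason. The checks are heuristics, not proof: a lure hosted on a freshly registered, correctly spelled domain over HTTPS passes all of them, which is why the reconnaissance-driven pretext (the dog show) is the part a recipient has to recognise themselves.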
Beyond SIM swaps and phishing, attackers are also distributing fake crypto-tracking and crypto-trading apps, and seeding crypto-stealing malware into free web-traffic counters and other free or pirated software.
Makers of the Trezor crypto hardware wallet also recently warned that counterfeit Trezor devices have been found for sale online. Such a device is unsafe for storing cryptocurrencies because whoever built it could have access to the owner’s “private keys”, the secret values that authorise transfers of coins; a hardware wallet should be bought only from the manufacturer or an authorised reseller, not from third-party marketplace listings.
Notably, the SCMP says the hackers targeting wealthy crypto holders may have obtained personal information about them from earlier exchange breaches.
Reuters estimates that more than $6 billion USD in cryptocurrencies have been stolen from exchanges since 2011.