North Korea stole 'billions of won' in cryptocurrency last year

The country's southern counterpart says state-sponsored teams are still hacking into exchanges.
Written by Charlie Osborne, Contributing Writer

North Korea stole cryptocurrency worth "billions" of won from South Korea last year and continues to attack exchanges for more.

As reported by Reuters, Kim Byung-kee, a member of South Korea's parliamentary intelligence committee, claims the North has been able to steal cryptocurrency from the country by way of phishing campaigns.

Phishing campaigns usually rely on emails, either crafted through social engineering or sent en masse, including "official" messages bound for particular businesses (in this case, exchanges), and may also use spoofed email addresses to appear legitimate.

These emails often contain malicious links or attached documents which have embedded malware payloads designed for the theft of information, account compromise, and surveillance.

According to the intelligence committee member, "North Korea sent emails that could hack into cryptocurrency exchanges and their customers' private information and stole (cryptocurrency) worth billions of won."

While Kim did not disclose which exchanges have been compromised by the North, the executive said the country was "continuously" testing the defenses of South Korean exchanges.

In January, a report from Recorded Future alleged that Lazarus, a group believed to be sponsored by North Korea, was responsible for a number of cyberattacks on South Korean cryptocurrency exchanges in 2017.

Kim added that South Korea was "doing its best" to protect cryptocurrency exchanges. A successful hack can result not just in the loss of company funds, but also in the loss of cryptocurrency belonging to investors.

However, it is a difficult proposition as new vulnerabilities and security flaws are constantly being discovered and used by threat actors to compromise web domains, online services, enterprise networks and home systems.

Last week, South Korea discovered a use-after-free zero-day exploit in Adobe Flash.


The vulnerability, present in Adobe Flash versions and earlier, when exploited permits attackers to remotely execute code on Windows, macOS, Linux, and Chrome OS machines.

Adobe said the vulnerability was being "used in limited, targeted attacks against Windows users" and will be issuing a fix in a security bulletin this week.
