South Korean authorities have confirmed that hackers from North Korea targeted bitcoin exchanges in the country in multiple attempts to steal the cryptocurrency.
The Republic of Korea’s National Police Agency (NPA) has published details of its investigation surrounding several claims of cybersecurity incidents involving hackers from North Korea. As covered by CCN in the past, a recent report by cybersecurity firm FireEye pointed to a state-sponsored North Korean campaign to steal bitcoin from South Korean cryptocurrency exchanges.
North Korea has been accused of turning to digital currencies in cash-strapped times due to sanctions from multiple countries and the United Nations in the wake of its nuclear and missile programs.
“State-sponsored actors [are] seeking to steal bitcoin and other virtual currencies as a means of evading sanctions and obtaining hard currencies to fund the regime,” read an excerpt from the FireEye report.
Now, the South Korean police have confirmed that the attacks did occur in the form of spear phishing attempts. Since July, a total of 25 employees across 4 domestic bitcoin exchanges were subjected to at least 10 separate phishing attempts wherein attackers sought to deceive targets into providing login credentials. However, police added that all of the recent attacks were unsuccessful, with no computers compromised and no theft of bitcoin or any other digital currency.
Yonhap, South Korea’s largest news agency, has quoted police as stating that the phishing emails were all sent from the same North Korean IP address that was previously linked to other hacking attempts targeting Seoul.
According to one South Korean cybersecurity firm, North Korean hackers routinely stole bitcoin worth ₩100 million (approx. $90,000) every month between 2013 and 2015 as a means of increasing the country's reserves of safe haven (hard) currency.
The police’s confirmation comes in the months following the noteworthy hack and breach of Bithumb, South Korea’s largest bitcoin and Ethereum exchange. The personal data of an estimated 31,000 users was leaked due to a phishing incident which also allegedly led to the theft of customer funds in the “hundreds of millions of won”.