North Korea is stealing bitcoin and the threat to cryptocurrency investors is growing, experts warn

If South Korea bans trading, the hackers will likely start targeting exchanges and users around the world

Aatif Sulleyman
Monday 22 January 2018 13:13

North Korea is trying to steal bitcoin and other cryptocurrencies from holders, and could soon start targeting people all over the world, researchers have warned.

Cyber security experts have discovered a recent malware campaign that targeted cryptocurrency users and exchanges in South Korea.

They expect similar attacks to be used to steal cryptocurrencies from people in other countries in the near future, especially if South Korea introduces a ban on trading, as its government has threatened to do.

“This late 2017 campaign is a continuation of North Korea’s interest in cryptocurrency, which we now know encompasses a broad range of activities including mining, ransomware, and outright theft,” said cyber security firm Recorded Future.

“Outside of the May WannaCry attack, the majority of North Korean cryptocurrency operations have targeted South Korean users and exchanges, but we expect this trend to change in 2018.”

The price of bitcoin and other digital currencies plummeted last week, after the South Korean government revealed that it was weighing up a complete ban on cryptocurrency trading.

If that were to happen, North Korean hackers would be forced to look further afield for targets.

“As South Korean exchanges harden their networks and the government imposes stricter regulatory controls on cryptocurrencies, exchanges and users in other countries should be aware of the increased threat level from North Korean actors,” Recorded Future added.

The company says that the malware campaign it spotted from late 2017 used several different lures, and targeted cryptocurrency users, the Coinlink exchange and cryptocurrency exchanges “at large”, which appear to be hiring.

One lure appeared to be designed to obtain the login details of Coinlink exchange users.

Two more appeared to be “resumes stolen from two actual South Korean computer scientists, both with work experience at South Korean cryptocurrency exchanges”, Recorded Future said.

Numerous recent reports have concluded that North Korean hackers are increasingly targeting cryptocurrency exchanges and investors, in order to raise funds under strict economic sanctions.

It’s believed that such attacks will not only continue, but also spread.

“We assess that as South Korea responds to these attempted thefts by increasing security (and possibly banning cryptocurrency trading) they will become harder targets, forcing North Korean actors to look to exchanges and users in other countries as well,” Recorded Future warned.
