In what many may perceive as a reiteration of the obvious, the Nikkei Asian Review has reported that an unnamed panel of experts has advised the U.N. Security Council that the Democratic People’s Republic of Korea has been the driving force behind crypto exchange hacks since 2016 and has used its ill-gotten gains of $670 million to “evade economic sanctions and obtain foreign currency.” The panel assigned blame to a specialized military unit of the North Korean government, but speculation is that this unit had also partnered with the infamous Lazarus Group, known for its prowess for hacking.
The conclusion of the panel’s report was that: “[Cryptocurrencies] provide the Democratic People’s Republic of Korea with more ways to evade sanctions, given that they are harder to trace, can be laundered many times and are independent from government regulation.” It also recommended that U.N. state parties “enhance their ability to facilitate robust information exchange on the cyberattacks by North Korea with other governments and with their own financial institutions to detect and prevent the North from circumventing the sanctions.”
North Korea has been struggling to overcome the impact of economic sanctions imposed over its nuclear and missile programs. Its coal export trade has been curtailed, as has access to valuable foreign exchange. Cryptocurrencies and an active illicit hacking program appear to have given it a relief valve of sorts, which must be shut down, if the crypto ecosphere is to evolve in a creditable fashion.
The report submitted to the U.N. noted that the focus of most attacks was on Asian firms. As was reported:
Between January 2017 and September 2018, the Democratic People’s Republic of Korea successfully hacked cryptocurrency exchanges in Asia at least five times, with losses totaling $571 million, the panel estimated. The attacks are understood to have been carried out by a specialized military unit and are now a crucial part of North Korean government policy.
Recent research reports have revealed that nearly $2 billion was lost during 2018 alone, due to crypto exchange compromises and Initial Coin Offering (ICO) scams. Several reports from such noteworthy firms as Chainalysis, CipherTrace, and Group-IB, have reviewed the blockchain transaction historical record to determine their findings, as well as canvassing the public record and confirming with affected parties the nature and extent of total losses. Their findings seem to corroborate the U.N. panel discussion. The anonymity of the blockchain, unfortunately, prevents the disclosure of address owners, but the research does point to repeating patterns and personalities of the professional hacking teams at hand.
Group-IB, however, was able to determine enough evidence in its analysis that it implied that the North Korea-based Lazarus hacker group was leading the charge for North Korea and was “responsible for some of the crypto industry’s most-damaging hacks in the past 12 months. The group is directly tied to the attacks on the following five cryptocurrency platforms — CoinCheck, YouBit, Coinis, Bithumb, and Yapizon.” The compromise of Japan’s Coincheck exchange in January of 2018 resulted in the disappearance of $530 million in NEM cryptocurrency, never to be seen of again.
The obvious targets for many of these attacks have been crypto exchanges in South Korea. South Korea’s National Intelligence Service (NIS) had already determined by February of 2018 that North Korea was responsible for the theft of tens of millions of dollars from South Korean exchanges. As evidence continues to pile up from other sources, it remains to be seen if the U.N. Security Council will take swift action against North Korean authorities.