Cyberattacks by North Korean Hackers Target Japan, Vietnam, and Hong Kong’s Cryptocurrency

Cyberattacks by North Korea are aimed against Japanese cryptocurrency assets. According to a U.K.-based compliance specialist’s assessment, hacker gangs connected to North Korea have stolen $721 million from Japan since 2017. That equates to 30% of all such losses experienced globally.

It is thought that Pyongyang targeted other nations’ crypto assets in order to get the foreign currency needed for its missile program. Asia’s security may be at jeopardy as a result of this.

Elliptic, which carried out the investigation for Nikkei, has technology that monitors and catalogs money transfers on the blockchain where cryptocurrencies are traded.

Businesses whose virtual currency was transferred to digital wallets used by the Lazarus Group, a hacker organization located in North Korea, were classified by region by elliptic. This is the first instance when regional or national breakdowns of the financial losses caused by North Korean hackers have been made.

The threat posed by North Korea is being recognized by international organizations. Top officials noted the “growing threat from illicit activities by state actors” such the theft of cryptocurrencies in the joint statement that the Group of Seven finance ministers and central bank governors issued on Saturday in Japan, keeping in mind North Korea’s frequent missile tests.

North Korea stole twice as much cryptocurrency in 2022, between $600 million to $1 billion, according to a report from a U.N. Security Council group of experts published on April 5. Elliptic pegged the amount for 2022 at $640 million.

Hacking and ransomware are the two primary categories of cyberattacks used by North Korea. The majority of the hacks discovered by Elliptic’s analysis included stealing directly from cryptocurrency exchanges. North Korea is said to be concentrating its efforts on direct attacks on exchanges as one successful breach can bring in a significant amount of cryptocurrency assets because it is unpredictable whether a particular ransomware campaign would be successful.

Elliptic claims that between 2017 and the end of 2022, North Korea stole $2.3 billion worth of cryptocurrencies from enterprises. The United States came in second with $497 million, followed by Vietnam ($540 million), Japan ($281 million), and Hong Kong ($497 million).

The $721 million that was stolen from Japan, according to the Japan External Trade Organization, is 8.8 times higher than the country’s exports will be worth in 2021.

As cryptocurrency marketplaces in Japan and Vietnam have grown quickly and many operators have insufficient security, it is believed that these countries were the hackers’ primary targets. A person with knowledge of the subject claims that between 2018 and 2021, North Korean hackers are suspected of hacking at least three cryptocurrency exchanges in Japan. One, Zaif, lost 51.4 million dollars or 7 billion yen in 2018. Since then, the business has closed.

The international restrictions imposed on North Korea make it challenging for the DPRK to get foreign money. It is believed that North Korea uses cyberattacks as part of a national strategy to make up for the loss of foreign cash resulting from its severely restricted coal exports.

Around 2014, it became apparent that North Korean-affiliated groups were engaging in large-scale activity. These organizations steal data related to defense, healthcare, and other industries in addition to conducting cyberattacks. According to a cybersecurity specialist, “the technology of the programs they use is higher than that of attack groups in other countries.”

The world has only had negative things to say about Pyongyang. The United States government has concluded that North Korea was responsible for a significant number of ransomware assaults that occurred globally in 2017. Japan’s National Police Agency and other agencies singled out North Korea in October 2022 and advised operators of cryptocurrency exchanges to exercise caution. In its 2021 report, the U.N. Security Council expert group reiterated its warning, claiming that the nation continues to engage in hacking activities to support its nuclear and missile programs.

A security risk arises if the stolen cryptocurrency is applied to military endeavors. By modifying its Payment Services Act, Japan has bolstered its security, and other nations are following suit. However, they have not yet responded to emerging technologies like decentralized finance (DeFi), which uses blockchain-based software to perform financial transactions, or helped domestic crypto exchange companies deal with them.

Collaboration across borders is essential in the bitcoin sector. “We need to share threat information, such as attack routes and malware that exploits them, among the public and private sectors and industry associations in each country to increase the level of defense capabilities of each industry, including the financial sector,” said Hiroki Iwai, president of Tokyo-based cyber consultancy Sighnt.