North Korea-Linked Hackers Stole Bitcoins From Seoul-Based Exchange

As we pointed out yesterday, bitcoin and other tokens across the crypto space sold off following reports that South-Korea based exchange YouBit had been hacked, forcing its owner into bankruptcy.

The exchange reported that hackers had stolen 17% of assets held in the exchange’s digital wallet. However, Yapian, YouBit’s owner, didn’t specify the value of its losses. As if yesterday's hack wasn't sufficiently embarassing, the exchange had also been hacked in April.

Now, with crypto prices still reeling from the hack and the reopening of US exchange GDAX, which had halted trading to investigate possible market manipulation after Coinbase listed bitcoin cash, the Wall Street Journal is reporting that South Korean intelligence believes North Korea-linked hackers perpetrated yesterday’s heist.

SEOUL—Investigators in South Korea are looking into North Korea’s possible involvement in a heist from a bitcoin exchange that collapsed here on Tuesday, according to people familiar with the situation, as the regime develops new ways to raise money as sanctions choke off its traditional revenue sources.

 

The investigation into the hack, led by South Korean law enforcement and a state cybersecurity agency, is still in its infancy and a review of the malware code could take weeks, the people said.

 

But the people said there were telltale signs and historical evidence that North Korea, which has turned in recent years to increasingly sophisticated financial warfare, was behind the hack of Seoul-based exchange Youbit.

 

The same cryptocurrency exchange, operating under a different name, was targeted in April by North Korean hackers, several of the people said. Yapian, the company that operates Youbit, suspended trading and filed for bankruptcy after Tuesday’s hack.

 

The bitcoin heist follows similar suspected Pyongyang-directed offensives against other South Korean cryptocurrency exchanges—and an increasing number of attempts to steal from individual investors.

The report follows news, also first revealed in the WSJ, that North Korea-linked hackers known as the Lazarus group were behind this spring’s WannaCry ransomware hack that affected businesses around the world.

As bitcoin and other cryptocurrencies have appreciated in value, they’ve become an increasingly tantalizing target for North Korean hackers. Furthermore, the North Korean state has likely devised strategies to liquidate its cryptocurrency holdings in exchange for fiat currency.

South Korean police and the Korea Internet & Security Agency said they had begun an investigation into the Youbit hack but were still determining the scope of the situation.

 

A North Korean cyber army of 7,000 hackers around the world has shifted tactics over the past two years to become more motivated by financial gain, pilfering from banks and, more recently, focusing on cryptocurrencies, according to cybersecurity researchers. North Korea has denied involvement in the hacking incidents.

 

...

 

For average consumers, online marketplaces can convert bitcoin into regular cash that can be sent to bank accounts. But North Korea is allegedly swiping vast sums of bitcoin—significantly more than individuals typically own—and must also cover its tracks.

 

To do that, North Korea, in theory, could divvy up the bitcoin bounty into different accounts, then move the smaller sums in and out of different cryptocurrency exchanges. Each transfer would further erode the links to the original owners. Eventually, North Korea could create enough anonymity to cash out the bitcoin like anyone else.

South Korea is among the most active bitcoin markets, ranking No. 3 after the US and Japan in terms of trading volume. However, South Korea - like most countries - has no legal protections for consumers who become victims of exchange hackings. Indeed, news of the hack led to uncomfortable comparisons to the collapse of Mt. Gox.

* * *

News of North Korean's involvement with the hack hasn't had much of an impact on the crypto market, which is still largely lower on the day...