Crypto alert: North Korean hackers more dangerous than ever

Disclaimer: Cryptocurrencies are a high-risk asset class. This article does not constitute investment advice and is provided for informational purposes only. You could lose all of your capital.

North Korean hackers are targeting the crypto space more than ever before, and their methods are becoming more sophisticated. A recent study from crypto firm Paradigm, “Demystifying the North Korean Threat,” warns that the danger is growing and reveals shocking data about recent hacks. One of them hit the well-known crypto exchange Bybit. One morning in February, Bybit suddenly moved over $1 billion worth of tokens.

The transactions were suspicious. Within minutes, it was confirmed that these were not routine maintenance transfers. Hackers had compromised Bybit’s security and begun liquidating $200 million worth of assets. Investigators traced the attack to North Korea within minutes.

Bybit breach: advanced North Korean cyberattack

The attackers used tactics far more sophisticated than anything seen before. Instead of attacking Bybit directly, they compromised Safe{Wallet}, a widely used security tool, with malware. When Bybit employees tried to manage funds through it, the attackers took over. The strategy was not expected, and it showed a new level of planning and execution. Existing threat models had to be adjusted to account for the new tactics.

North Korea’s operations are well-organized. They are run by different teams within the Reconnaissance General Bureau (RGB), the agency that controls most of the country’s cyber operations. Lazarus, APT38, AppleJeus, and TraderTraitor all come under its command. Their activities range from financial theft to spreading malware, and each team has a specified role in North Korea’s online operations.

The most well-known of these is the Lazarus Group. It perpetrated major hacks such as the 2014 attack on Sony Pictures and the 2016 Bangladesh Bank heist, and it launched the 2017 WannaCry ransomware attack that resulted in billions in losses worldwide.

In recent years the group has turned to cryptocurrency, stealing billions from crypto users and exchanges. APT38 conducts financial crimes; it targeted banks at first but later turned to crypto exchanges. AppleJeus distributes malware disguised as trading tools.

Crypto firms on high alert as malware threats rise

AppleJeus relies on social engineering to trick users into installing malicious applications. The most advanced of the teams is TraderTraitor, which launches highly targeted attacks on crypto firms using phishing and infiltration tactics. Crypto firms need to take extra precautions against such threats: limit worker access to core systems and enforce strong security policies, such as two-factor authentication.

Exchanges must be cautious and have emergency response systems in place to identify and address suspicious transactions. Even with precautions in place, North Korea’s hacking activities change constantly. The FBI and cybersecurity firms track them, but they are difficult to impede. The best defense is awareness and readiness, and crypto users and companies must maintain both to avoid becoming the next target.

Anny Sam is a professional crypto journalist with over four years of experience, specializing in blockchain development and cryptographic technologies. She has worked as a news reporter on multiple publications, served as a news editor intern at a local magazine, and has been a writer at BTCRead since February 2025. Anny holds a BSc in Mathematics. You can reach out to Anny at anny.sam@btcread.com.