North Korea stealing cryptocurrency in South Korea, says NIS

The South Korea spy agency blamed Pyongyang for hacking attacks on local cryptocurrency exchanges that stole tens of billions of won.

Suh Hoon, director of the National Intelligence Service (NIS), said Monday, “North Korea is continuously making hacking attempts to seize cryptocurrency,” adding that “some [domestic] exchange operators had tens of billions of won in cryptocurrency stolen.”

This was the first time the South’s intelligence authorities confirmed that North Korea stole cryptocurrency through hacking.
Briefing members of the National Assembly’s intelligence committee, Suh said that the North sent phishing emails to cryptocurrency exchanges and their customers in South Korea to steal passwords.

He added that the North managed to neutralize a well-known South Korean software company’s antivirus program. North Korea also was said to have found out that a cryptocurrency exchange operator was hiring and sent phishing emails disguised as job applications.
North Korea’s hacking for cryptocurrency may be a way around international sanctions that have blocked many of its sources of foreign currency.

Furthermore, it has faced limitations in hacking banks, especially after the U.S. National Security Agency (NSA) last year pinpointed North Korea as being behind an $81 million cyber heist of the Bangladesh central bank’s account at the Federal Reserve Bank of New York in 2016.

North Korean hackers were seen to have breached the Bangladesh bank’s systems using the Swift (Society for Worldwide Interbank Financial Telecommunication) messaging network to manipulate transactions. North Korean banks have since been banned by the Swift financial messaging service.

Thus, North Korea has shifted its targets from banks to cryptocurrency exchanges.
Cryptocurrency exchanges are an easy target because of their relatively low level of security.

Rep. Kim Byung-kee of the ruling Democratic Party of Korea told reporters after the briefing that South Korean companies were hacked, “but the NIS cannot reveal which ones.”

He added that while cryptocurrency have been stolen, “The NIS is blocking the other attempts. Its cyber team is said to be very capable.”
Local cryptocurrency exchange Youbit, formerly called Yapizon, was hacked in April, having some 5.5 billion won ($5.1 million) in bitcoin stolen, and then again in December. Both attacks were believed to be by North Korea. The December hacking resulting in the loss of 17 percent of the company’s cryptocurrency, amounting to some 17 billion won. Youbit had filed for bankruptcy.

Similarly, North Korea is seen to be behind the theft last June of the personal data of some 36,000 customers of Bithumb, Korea’s largest cryptocurrency exchange and ranked No. 2 worldwide.

Another local exchange, Coinis, had some 2.1 billion won worth of cryptocurrency stolen by a hacker thought to be linked to North Korea last September.

There is also a likelihood that North Korea was also behind the theft of some $530 million worth of digital tokens from a cryptocurrency exchange in Japan, Coincheck, last month.

BY KIM MIN-SEOK, SARAH KIM [kim.sarah@joongang.co.kr]