North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

November 30, 2023 at 07:18AM

Since 2017, North Korean hackers have targeted the crypto sector to bypass sanctions, stealing $3 billion in assets, significantly impacting DeFi platforms. The U.S. imposed sanctions against a mixer used by DPRK’s Lazarus Group for money laundering, which funds their WMD programs. Recorded Future suggests increased industry cybersecurity is necessary.

Meeting Takeaways – Nov 30, 2023:

1. North Korean Threats to Cryptocurrency:
– North Korean threat actors have been targeting the cryptocurrency sector since at least 2017 to evade sanctions.
– The ruling elite in DPRK, especially those skilled in computer science, are using their access to technology and information to commit cybercrimes against the crypto industry.

2. Cryptocurrency Thefts:
– DPRK-linked hackers are responsible for stealing around $3 billion in crypto assets over the past six years.
– In 2022, the country stole $1.7 billion worth of cryptocurrency, with $1.1 billion of that taken from DeFi protocols.
– The stolen funds are believed to finance North Korea’s WMD and missile programs.

3. U.S. Treasury Sanctions:
– The U.S. Treasury Department has imposed sanctions on Sinbad, a virtual currency mixer utilized by the Lazarus Group for money laundering.

4. Lazarus Group’s Tactics:
– Lazarus Group targets online crypto exchange employees with social engineering and lucrative job offers to spread malware and gain network access.
– They also employ phishing, trojanized apps, watering hole attacks, airdrop scams, rug pulls, and use mixing services to obscure financial trails.

5. DeFi Vulnerabilities:
– DeFi platforms are designed so that users can move between cryptocurrencies without the platform ever taking custody of the funds, which complicates the tracing of illicit transactions.
– Reports from DHS and AEP underline Lazarus Group’s exploitation of these DeFi protocols.

6. Need for Stronger Regulations:
– The lack of robust regulations, cybersecurity requirements, and investments in crypto firm cybersecurity may lead to continued attacks by North Korea on the industry.

7. Cybersecurity Firm Advice:
– Recorded Future urges cryptocurrency firms to increase their cybersecurity measures to prevent North Korea’s ongoing cyberattacks, which are aimed at generating revenue.

Follow-up Actions:
– Monitor for updates on Twitter and LinkedIn as suggested in the article.
– Reassess cybersecurity protocols for organizations involved in crypto assets.
– Stay informed about new regulations and sanctions that could affect cryptocurrency security and compliance.
