North Korea regime top suspect in bitcoin theft

North Korea regime top suspect in bitcoin theft


South Korean investigators have found “telltale signs” that North Korea hacked a bitcoin exchange based in Seoul that subsequently declared bankruptcy in mid-December 2017, according to a report by The Wall Street Journal newspaper.

The investigators indicated that the Kim Jong Un regime in the past year may have increasingly turned to its cadre of an estimated 7,000 hackers to steal money to fund its nuclear and ballistic missile weapons programs because increased sanctions are cutting off revenues from other sources, many of which were also illegitimate trade venues.

Investigators have tied an increasing number of cyber attacks to hackers backed by the North Korean regime, including the so-called WannaCry incident that targeted hospitals and banks worldwide. The cyber robberies include the 2016 theft of U.S. $81 million from the central bank in Bangladesh and 2017 theft of U.S $60 million from a bank in Taiwan.

Hackers targeted the South Korean cryptocurrency exchange known as Youbit twice in 2017. The company announced on its website on December 19, 2017, that the exchange had lost 17 percent of its assets to hackers and would stop trading and file for bankruptcy. South Korean investigators had already linked an April 2017 theft from Youbit of 4,000 bitcoins, then valued at about U.S. $72 million, to North Korean hackers, Reuters reported. At the time, the exchange was operating under the name Yapizon.

Earlier in 2017, researchers at the Cyber Warfare Intelligence Center (CWIC) in South Korea said North Korea may be targeting virtual currencies in response to stronger economic sanctions by the United Nations and individual nations.

CWIC researchers told Reuters that a series of cyber attacks on virtual currency exchanges based in South Korea such as Bithumb, Coinis and including Youbit carried the digital fingerprints of North Korean hackers tied to the Kim regime, as did an increasing number of attempts to steal funds from individual currency holders.

“They’re experimenting with ways to earn back lost money from sanctions,” Troy Stangarone, a senior director at the Korea Economic Institute in Washington, D.C., told The Wall Street Journal. South Korean cryptocurrency exchanges account for 15 to 25 percent of world bitcoin trading, according to Reuters.

Such cyber thefts could lead to a regulatory crackdown on bitcoin and other cryptocurrencies, some analysts suggest.

“Bitcoin could be the biggest global sting operation ever,” Andy Norton, director of threat intelligence at Lastline, a U.S. cyber security company, told Newsweek magazine. “It’s like a black hole attracting bad actors and dirty money from all around the world. If North Korea [is] using it to avoid sanctions, it could lead to a coordinated response by various governments to shut down access to those funds locked in bitcoin.”

South Korean police and the Korea Internet & Security Agency are leading the Youbit hack investigation, which is “still in its infancy and a review of the malware code could take weeks,” The Wall Street Journal reported.