South Korea’s national spy agency released a statement saying that North Korean hackers might be behind the Coincheck heist, Bloomberg reported.
According to Japan Times, a source familiar with the matter said Tuesday that the recent break-in into the Japanese cryptocurrency exchange Coincheck Inc., which saw $520 million worth of digital coins stolen, might have been orchestrated by the rogue Koran state.
The source said that South Korea’s National Intelligence Service told a parliamentary committee about their thoughts on the North Korean crypto heist.
The person, who according to Japan Times declined to provide their name due to the sensitivity of the issue, said that the virtual coin market remains a likely target for more North Korean crypto heists. The sheer size of the virtual coin markets, as well as the incredibly light regulation surrounding it, makes it attractive to hackers. However, the source added that there was still no hard evidence to support their North Korean crypto heist theory.
Reuters reported that the statement given by the unnamed source echoed an earlier report made by South Korea’s Channel A news. The news report said that there was a high probability that the Coincheck hack was a North Korean crypto heist.
The National Intelligence Service (NIS) told South Korea’s parliament Monday that the North Korean crypto heist last year was on the scale of tens of millions of dollars, according to parliamentary sources.
Sources also told the press that South Korea’s National Intelligence Service had also informed the National Assembly that it was investigating the possibility of the January 26 hack being a North Korean crypto heist.
The National Intelligence Service also said that tens of billions of won in virtual currency were stolen from South Korean cryptocurrency exchanges last year. The hacks, which were most likely North Korean cyber heists, involved the sending of hacking emails to members of the exchanges.
South Korea’s Yonhap news agency reported back in December that the National Intelligence Service had evidence that North Korean crypto heists resulted in stealing the personal information of some 30,000 people from Bithumb. Bithumb, South Korea’s biggest and most popular cryptocurrency exchange, was hacked back in June 2017. The Japan Times also reported that the NIS had secured evidence that another North Korean crypto heist resulted in robbing virtual money at Coinus, another local exchange, which took place in September 2017.
According to Reuters, the National Intelligence Service reportedly confirmed that the same code by Lazarus, a group accused of being behind the 2014 Sony hack, was used in both of the suspected North Korean crypto heists.
The latest report from Bloomberg, citing an unnamed lawmaker who attended a meeting with the head of the intelligence service, said that the South Korean agency is now examining the incident with cooperation from international authorities.
North Korean crypto heists might be funding the country’s nuclear program
According to Bloomberg, cybersecurity experts say that the latest North Korean crypto heists might be just one of many. Claiming that Kim Jong Un’s hermit regime seeks capital to bankroll its nuclear weapons program and circumvent tough international sanctions, experts say that North Korea has master-minded a growing number of crypto heists in the past years.
Independent South Korean investigators, backed by the state’s National Intelligence Service, are already said to be looking into Pyongyang’s involvement in the hack of Seoul-based exchange Youbit. Youbit collapsed in December, causing it to close and enter bankruptcy proceedings after the North Korean crypto heist claimed 17 percent of its total assets.
North Korean crypto heists don’t stop at virtual currencies, though. According to Bloomberg, North Korean hackers are reportedly hijacking computers to mine cryptocurrencies. Kwak Kyoung-ju, the leader of a hacking analysis team at the South Korean government-backed Financial Security Institute, told Bloomberg that a hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins. The Monero coins, a cryptocurrency that’s focused on privacy and easier to hide and launder than bitcoin, are now worth more than $25,000.
According to researchers dealing with North Korean crypto heists, the majority of attacks from North Korean hackers in the past year have focused on financial gain rather than government secrets. More North Korean crypto heists are expected this year, Bloomberg reported, as the UN is stepping up its efforts to cut the flow of funds used by the regime to fuel its nuclear arms development.
“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector,” Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul, said at a forum. “They are primarily after information for financial ends.”
January’s Coincheck hack was the biggest crypto heist since the 2014 disappearance of about $470 million worth of Bitcoins from the Mt. Gox exchange. Coincheck, which halted withdrawals after detecting the infiltration on Jan. 26, said it was bolstering its security systems and that it would be resuming their operations soon.