North Korea's Crypto Hacking to Increase in 2023, Warns Seoul

According to YTN, the South Korean NIS has recently opened a National Cybersecurity Cooperation Center with private security firms. The mission of the center will be to counter cyberattacks from North Korea. According to the NIS, “nine government agencies and five private IT security companies” comprise the center's membership. According to the NIS, North Korea has previously focused on crypto exchanges in South Korea but is now shifting its attention to individuals. The NIS has announced that it will also aim at the decentralized finance (DeFi) industry.

The NIS predicted that in 2023, attacks emanating from Pyongyang would “focus on hacking DeFi services” since such services fall within a regulatory “blind spot” in the South. According to Seoul, multiple attacks on cryptocurrency exchanges in South Korea have been attributed to North Korea. South Korea claims that in February 2017, hackers from North Korea stole $7 million from the app Bithumb. Also, in 2017, a South Korean platform called Youbit allegedly went bankrupt due to Pyongyang stealing 17% of its crypto assets.

Since then, exchanges in Seoul have been subject to regulation. It has recently changed its licensing policies so that only exchanges with robust security measures are granted permission to operate. Experts have long warned that Southern stock exchanges are operating with insufficient safeguards. They claimed these targets were “low-hanging fruit” for skilled hackers in Pyongyang. To paraphrase, “cyber warriors” are a “special force” that the North has trained to be “elite.”

The North Korean government has dismissed claims that it hacks crypto as “fabrications” by the United States and South Korea. The NIS warned that Pyongyang was working on cutting-edge “deep fake” technology that could be used to fool social media and internet users. Recently, international security firms have claimed that the North Korean hacking group Lazarus is spreading a virus-infected Mycelium Wallet clone through various Telegram channels. They also claim that Lazarus runs a fraudulent cryptocurrency exchange under the name BloxHolder. According to specialists, the latter includes stolen pages and content from the HaasOnline exchange.