A North Korean hacker crew called Lazarus Group has been accused of carrying out a heist on cryptocurrency exchange KuCoin, dubbed the biggest cryptocurrency theft of last year at $275 million worth of virtual money. That figure represented half of all cryptocurrency stolen in 2020, according to cryptocurrency tracker and law enforcement contractor Chainalysis, which exclusively revealed its attribution of the huge attack to Forbes ahead of the release of its own research report on Tuesday.
The hack of Singapore-based KuCoin, which lets people trade Bitcoin, Ethereum and other cryptocurrency, also took Lazarus’ illicit winnings up to $1.75 billion, Chainalysis claimed. It’s feared that North Korea is using stolen cryptocurrency to fund its nuclear initiatives, whilst also causing serious losses to the burgeoning virtual economy. Meanwhile, the thefts are helping prop up North Korea’s flagging economy, which has reportedly taken a severe hit thanks to the Covid-19 crisis. CNN reported on a confidential U.N. document on Tuesday, which suggested that North Korea had stolen a total of $316.4 million from financial institutions and virtual currency companies between 2019 and November 2020 to support its warfare and economic plans.
Chainalysis said it was able to attribute the KuCoin hack to the North Korean hacking group by looking at how the stolen funds were laundered. Lazarus Group, previously blamed for the infamous Sony Pictures hack of 2014 as well as many attacks on cryptocurrency exchanges, has a unique way in which it sends money to “mixers.” Those mixers mix up cryptocurrency into different accounts in order to make tracking of funds more difficult. “The size, and the way that funds are sent to mixers is extremely specific, and it’s like a fingerprint,” said Kim Grauer, who led Chainalysis’ research into the KuCoin attack.
Grauer thinks North Korea’s cryptocurrency thefts could be filling huge holes in the country’s coffers. “COVID in particular has further continued to devastate the North Korean economy and so we think that… the country may be becoming increasingly dependent on hacking for just funding, period,” Grauer added. “When you think about $1.75 billion, it’s a very significant amount of money for that country considering their GDP.”
The KuCoin breach took place in September 2020, and the exchange offered rewards of up to $100,000 to anyone who could provide valid information regarding the incident. Later, KuCoin CEO and founder Johnny Lyu claimed $201 million in cryptocurrency had been recovered as of October 3 and said perpetrators had been caught. This February, Lyu said in a blog post that KuCoin had “cooperated with exchange and project partners to recover $222 million (78%), and cooperated with law enforcements and security institutions to recover $17.45 million (6%). At the same time, KuCoin and our insurance fund covered the remaining part, about $45.55 million (16%). In the end, we ensured that no users sustained any loss in this incident.”
KuCoin, which claims to have over six million registered users, told Forbes that while it’s working with law enforcement and security agencies to track the suspects, “no more details can be announced at the moment, per their request.” Chainalysis said it had shared its findings relating to the North Korean attribution with KuCoin, but declined to provide any more detail on its work with the exchange.
The news comes hot on the heels of a Google warning that another crew of alleged North Korean hackers had attacked security researchers via what may have been a Chrome “zero-day” exploit – an attack on an unpatched vulnerability or string of vulnerabilities.
With a mix of more sophisticated digital attacks and huge thefts of cryptocurrency, North Korea’s investment in offensive cybersecurity is reaping rewards for Kim Jong-un’s regime, whilst costing victims their privacy and, in some cases, their crypto wealth.