Japan’s national intelligence agency has concluded that North Korean hackers were likely behind the January 26th theft of $530 million USD worth of XEM cryptocoin tokens taken from Tokyo-based cryptocurrency exchange Coincheck, which ranks as the biggest cryptocurrency heist ever.
The attack affected all 260,000 Coincheck customers who had been holding XEM. Coincheck admitted that a security gap on the platform was exploited to steal the XEM, and subsequently promised to use its own money to reimburse customers. Japanese authorities have since announced that they would investigate all Japanese crypto exchanges for security gaps.
The largest previous cryptocurrency heist was a theft of $480 million worth of cryptocoins from Tokyo-based Mt. Gox in 2014. Mt. Gox subsequently filed for bankruptcy.
UN sanctions blocking exports have driven North Korea into a deep trade deficit. North Korea is using stolen cryptocurrency to get hard cash to make up for the crippling deficit. Cryptocoin markets are attractive targets for North Korean hackers due to their light regulation, sheer size, and the irreversibility of transactions. The $1.5 billion stolen to date equals 1/2 of North Korea’s total export capacity. Part of the cash is being used to bankroll North Korea’s nuclear weapons program.
North Korea’s involvement in major financial hacking operations is growing. The North Korean regime’s 6000-member cyber operations unit “Lazarus” is also seen by several top government and private cybercrime forensic labs as the likely culprit in these incidents:
- January 2018 – Lazarus infected thousands of personal computers around the world with CPU-hijacking malware to run a covert Monero cryptocoin mining operation.
- December 2017
  - $63 million worth of Bitcoin was stolen from crypto-mining marketplace NiceHash.
  - A hack targeting Seoul-based cryptocurrency exchange Youbit resulted in the loss of 17% of its assets, forcing Youbit into bankruptcy. Youbit has not stated the dollar amount of this heist.
  - An unsuccessful hacking campaign targeted South Korean cryptocurrency exchange Coinlink, employing similar malware code to that used in North Korea’s 2014 attack on Sony.
  - $155 million in Ether and other tokens was stolen from the Parity Wallet.
  - $31 million worth of cryptocurrency was stolen from the company behind Tether.
- May 2017 – The global WannaCry ransomware attack unfolded after Lazarus infected computer systems at hospitals, schools, and businesses across 150 countries, raising an unknown amount of bitcoin.
- April 2017 – $7 million worth of Bitcoin was stolen from the South Korea-based Bithumb bitcoin exchange.
- July 2017 – CoinDash lost $6 million worth of Ether to hackers during the first few minutes of an ICO launch.
- August 2016 – Hackers stole $65 million worth of Bitcoin from Bitfinex.
- June 2016 – $50 million in Ethers was stolen from DAO (Decentralized Autonomous Organization), then the highest-profile project using Ethereum.
- May 2016 – $2 million in Bitcoin and Ether was stolen from Hong Kong-based Gatecoin.
- February 2016 – $81 million was stolen from the New York Federal Reserve. Only a simple spelling error, a withdrawal request that had misspelled “foundation” as “fandation”, prevented Lazarus from stealing another $900 million the same day.
- January 2015 – $5 million in Bitcoin was stolen from Bitstamp.
- February 2014 – $480 million was stolen from the Japan-based Mt. Gox Bitcoin exchange.
North Korea continues to deny any involvement in cybercrime activity of any kind despite overwhelming evidence.