Parmy Olson | Bloomberg  Last Updated at June 25, 2022 12:22 IST

The world of crypto isn’t just suffering from a market malaise that has seen the price of Bitcoin drop from $69,000 to around $20,000 today — it also faces a troubling number of security risks.

There have been dozens of breaches in the past few years showing that cybercriminals are gravitating toward the world of cryptocurrencies. In many cases, we don’t know who the attackers are, but one culprit that keeps coming up is the band of state-backed hackers from North Korea known as the Lazarus Group.
According to a new book by Geoff White, “The Lazarus Heist,” the regime’s hackers have become increasingly sophisticated over the past decade, managing to steal an estimated $2 billion worth of cryptocurrency to date. Crypto investors should expect the gang to continue exploiting blockchain targets, or “the soft underbelly of the financial system,” according to White, who believes the $2 billion figure is a “vast underestimate.”
It stands to reason the hacker group would target crypto networks: Lazarus’s modus operandi for years has been to generate as much cash as it could to help prop up the North Korean regime and its nuclear weapons program. In the past decade, its schemes have included sophisticated ATM hacks and ransomware, including the infamous WannaCry cyber attack.
Now decentralized finance, or DeFi, has become a more lucrative target than banks, thanks to the billions of dollars locked up in its various applications. But the move-fast-and-break-things culture still prevalent in web3 development hasn’t helped the security of those networks. Neither does the fact that building web3 apps is unusually hard for programmers, who can create gaping financial vulnerabilities with simple coding errors.
Across the board, the amount of money lost through hacks of DeFi projects more than doubled in 2021, with security website CryptoSec listing 102 reported breaches between Jan. 2020 and June 2022, totaling $3.4 billion lost.
Lazarus has gone after several crypto networks, including a Slovakian crypto exchange in 2020 from which it stole virtual currency worth $5.4 million. The hackers went on to launder the funds through the exchange Binance, according to a Reuters investigation. They were also behind the more-than-$600 million hack on play-to-earn game Axie Infinity, which when measured by money stolen could be one of the biggest single hacks of all time. (The U.S. Treasury Department blamed Lazarus as being behind the attack.)
I spoke to White in a Twitter Spaces discussion this past week about the group, and some of its strategies for targeting DeFi networks in the future. Below is an edited excerpt from that discussion:
Parmy: Do we have any idea of how many people are in the Lazarus group? How are its members selected and trained?
Geoff: In terms of how many there are, there’s a publicly quoted figure, which is 6,000, which has come from analysis of testimony from defectors who’ve come out of North Korea. To train these people, the North Korean government can’t rely on hackers in hoodies in bedrooms, kids who just go on YouTube, because in North Korea you can’t just pick up a laptop and go on the Internet. All the computer hackers in North Korea have come up through the school system. They've been spotted and groomed by the regime to go into elite universities, to hone their skills. A lot will go into either the nuclear program or government hacking.
Parmy: North Korean hackers went after Axie Infinity in March. It seems that unlike other state-backed hackers they’re not targeting any particular country. Who or what do you expect them to go after in the future?
Geoff: Cryptocurrency is absolutely the direction of travel. If you’re looking at how much was stolen in one fell swoop, I think the $625 million stolen from Axie Infinity may be the biggest single hack of any amount of money from one company, in one hit, ever … If you look at the banks that they’ve hacked into, you’re talking Vietnam, the Philippines, Chile, Bangladesh. They will go anywhere where the security is weakest.
Parmy: They seem opportunistic in terms of scope. Given that blockchain networks have experienced a number of breaches and vulnerabilities, thanks in part to their difficult coding environment, do you expect blockchain to become an attractive target to North Korean hackers in the next few years?
Geoff: I think so. There have been reports coming out from alleged North Korean hackers advertising jobs and targeting cryptocurrency workers and saying, “Hey, I’ve got a great job for you. A perfect job.” And then tricking cryptocurrency workers into downloading malware and getting into the cryptocurrencies that way.
Bizarrely, it also seems that North Korea’s hackers are trying to get jobs at cryptocurrency companies. There’s been an alert put out by the US Treasury warning cryptocurrency firms about North Korean hackers turning up and applying for jobs. We’ve interviewed somebody who claims he actually interviewed a North Korean hacker who applied for a job at his company and realized halfway through the interview what was afoot. But when you think about it, it makes a lot of sense. If you’re inside a cryptocurrency company, you might be able to steal money from them directly.
You might be able to get the passwords, and even if you don’t, you might be able to introduce a flaw or vulnerability into that company’s code, which allows you to extricate money later on. And even if none of that works, if you’ve got a company email address, you can email other people in the crypto industry and say, “Hey, I just started work for company X. Have you seen this exciting news? See attachment to the email.” And that’s how you get your viruses out.
Copyrights © 2022 Business Standard Private Ltd. All rights reserved.