The United States Imposes Sanctions on Three North Korean Hacking Groups
Last updated September 28, 2021
Last September, we reported the news about the cryptocurrency exchange ‘KuCoin’ losing $150 million to hacker attacks. The actors found a way to withdraw the money directly from user wallets, leaving the platform no way to respond and stop the transfer. The holders of the assets have been reimbursed, courtesy of the available insurance fund, but the investigation into who stole the money and where it ended up is still ongoing.
According to a Reuters report, the United Nations has submitted an inquiry into the theft, which links North Korean hackers with the incident. More specifically, the confidential report mentions a total of $281 million, adding another $23 million from a subsequent hack that occurred in October 2020. Reportedly, the DPRK used the stolen crypto to support its nuclear and ballistic missile programs and to circumvent sanctions in general, something that we have heard about before.
Experts who analyzed the two hacks believe that the actors leveraged decentralized exchanges, enabling them to do currency swaps. This was essential because KuCoin was quick to report the transactions and wallets, and so all major exchange platforms had the money flagged as stolen. Since the actors managed to obscure the trail, though, they were soon free to take about 20% of the stolen money outside the sphere of scrutiny. The rest was gradually retrieved by KuCoin, with the help of those exchanges.
KuCoin hasn’t commented on the revelations about the origin of the hackers, and most probably, it makes no real difference to them. Reuters states that the platform had known who the hackers were since the early stages of the investigation but was asked by law enforcement not to make the information public until the case was closed.
Other credible sources in the field maintain that state-backed North Korean hackers made a total of over $316 million from January 2019 to November 2020, stealing these amounts mostly from financial institutions around the globe. Last year, the hackers turned their attention to defense industries and game publishing companies, but cryptocurrency exchanges remained a standard choice.