Hacker group “Lazarus,” reportedly funded by North Korea, has stolen a staggering $571 million in cryptocurrencies since early 2017, a study conducted by cybercrime company Group-IB reveals. Key takeaways from the study were published Tuesday, Oct. 16, alongside the full annual report, entitled “Hi-Tech Crime Trends.”
The report, dedicated to hacks in 2017 and 2018, identifies the allegedly state-sponsored hacker group Lazarus as responsible for $571 million of the $882 million total in crypto that was stolen from online exchanges during the studied time period; almost 65 percent of the total sum.
Out of fourteen separate exchange breaches, five have been attributed to the group, among them the industry record-breaking $532 million NEM hack of Japan’s Coincheck this January.
The report states that hackers target cryptocurrency exchanges using mostly “traditional” methods, including spear phishing, social engineering, and malware:
“After the local network is successfully compromised [through downloaded malware], the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”
The report, which also includes a cybercrime forecast, predicts the number of attacks on exchanges to increase in future, as an alternative to traditional targets such as banks.
Group-IB further indicates that Initial Coin Offering (ICO) platforms are prime targets for hackers, revealing that 10 percent of total funds raised from token sales in 2017–2018 were stolen. A majority of illicit activity targeting ICOs was reportedly conducted through phishing methods, with Group-IB estimating that large phishing groups have the capacity to steal around $1 million a month.
Additionally, Group-IB suggests that mining pools could prove an easy target for 51 percent attacks by state-sponsored hackers. Attempts at such attacks, albeit with limited success, are said to already be on the rise.
U.S. experts have previously alleged that North Korea is "increasingly" turning to crypto as a tactic to circumvent sanctions, claiming that the country’s government is hiring people to “launder” cryptocurrencies via multiple wallets and exchanges, as well as so-called mixing services, with the aim of obtaining sanction-free U.S. dollars.