Crypto-related hacks have been rampant in recent years, and a huge chunk of the cyberattacks targeting crypto firms may be linked to North Korea, a UN Security Council report indicated. Richard Patterson/flickr.com

KEY POINTS

  • A UNSC committee is looking into dozens of suspected cyberattacks on crypto firms over the past 6 years
  • In the hack of JumpCloud in July, it is believed 2 crypto heists worth over $147.5 million were carried out
  • North Korea-linked hackers are believed to have pulled off 17 crypto heists last year, worth over $750 million

The United Nations Security Council (UNSC) Sanctions Committee on North Korea is investigating suspected cyberattacks by North Korean hackers targeting "cryptocurrency-related companies" during a six-year period that led to losses of around $3 billion.

In a report published this month that was first picked up by South Korean outlet Yonhap on Thursday, the panel said it identified some trends of cyber activity by North Korean threat actors, and some of these movements directly targeted the crypto industry.

"The Panel is investigating 58 suspected cyberattacks by the Democratic People's Republic of Korea on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help to fund the country's development of weapons of mass destruction," the report noted.

Citing a compromise of software-as-a-service provider JumpCloud in July 2023, the committee said that Pyongyang "actors associated with cryptocurrency heists" likely breached the system through a "sophisticated spearphishing campaign," a type of phishing attack targeting specific organizations or individuals. That hack is believed to have resulted in "at least two cryptocurrency heists" by North Korea with a combined value of more than $147.5 million.

In 2023 alone, there were 17 cryptocurrency heists that could have been perpetrated by North Korea, "valued at more than $750 million," the panel noted.

Among the North Korea-backed hacking groups mentioned in the report was Kimsuky, which allegedly carried out crypto-related scams and thefts. The hackers allegedly conducted extortion campaigns to obfuscate their transactions and fund espionage operations.

Kimsuky is also accused of cryptojacking "hundreds, if not thousands" of victims in the past several years. It has also been observed mining Monero (XMR) and "likely" received payouts in other digital assets such as Ether (ETH), the sanctions committee said.

Another North Korea-linked hacking entity, Andariel, allegedly breached the systems of financial institutions, stealing some $360,000 worth of Bitcoin in 2022.

Earlier this year, notorious cybercriminals Lazarus Group – believed to have ties with the North Korean government – moved Bitcoin worth around $1.2 million in two transactions following months of inactivity.

The hacking group has been a huge thorn in the side of the crypto sector in recent years due to various system breaches and hacks that law enforcement traced back to it. The U.S. Treasury Department has linked the $600 million "Axie Infinity" Ronin bridge exploit to Lazarus Group, resulting in sanctions on crypto mixers Tornado Cash and Blender.io.