Smarter News Now
  • About Us
  • Privacy Policy
  • Terms & Conditions
  • Contact Us
  • Email Whitelisting
No Result
View All Result
  • Top News
  • Economy News
  • Forex News
  • Investing News
  • Stock News
  • Politics News
  • Editor’s Pick
  • Top News
  • Economy News
  • Forex News
  • Investing News
  • Stock News
  • Politics News
  • Editor’s Pick
No Result
View All Result
Smarter News Now
No Result
View All Result
Home Investing News

North Korean hackers have crypto in their crosshairs

by
June 27, 2022
in Investing News
0
North Korean hackers have crypto in their crosshairs
0
SHARES
18
VIEWS
Share on FacebookShare on Twitter

THE WORLD of crypto isn’t just suffering from a market malaise that has seen the price of Bitcoin drop from $69,000 to around $20,000 today — it also faces a troubling number of security risks.

There have been dozens of breaches in the past few years showing that cybercriminals are gravitating toward the world of cryptocurrencies. In many cases, we don’t know who the attackers are, but one culprit that keeps coming up is the band of state-backed hackers from North Korea known as the Lazarus Group.

According to a new book by Geoff White, The Lazarus Heist, the regime’s hackers have become increasingly sophisticated over the past decade, managing to steal an estimated $2 billion worth of cryptocurrency to date. Crypto investors should expect the gang to continue exploiting blockchain targets, or the “the soft underbelly of the financial system,” according to White, who believes the $2 billion figure is a “vast underestimate.”

It stands to reason that the hacker group would target crypto networks: Lazarus’ modus operandi for years has been to generate as much cash as it could to help prop up the North Korean regime and its nuclear weapons program. In the past decade, its schemes have included sophisticated ATM hacks and ransomware, including the infamous WannaCry cyberattack.

Now decentralized finance, or DeFi, has become a more lucrative target than banks, thanks to the billions of dollars locked up in its various applications. But the move-fast-and-break-things culture still prevalent in web3 development hasn’t helped the security of those networks. Neither does the fact that building web3 apps is unusually hard for programmers, who can create gaping financial vulnerabilities with simple coding errors.

Across the board, the amount of money lost through hacks of DeFi projects more than doubled in 2021, with security website CrytpoSec listing 102 reported breaches between January 2020 and June 2022, totaling $3.4 billion lost.

Lazarus has gone after several crypto networks, including a Slovakian crypto exchange in 2020 from which it stole virtual currency worth $5.4 million. The hackers went on to launder the funds through the cryptocurrency exchange Binance, according to Reuters investigation. They were also behind the more-than-$600 million hack on play-to-earn-game Axie Infinity, which when measured by money stolen could be one of the biggest single hacks of all time. (The US Treasury Department blamed Lazarus as being behind the attack.)    

I spoke to White in a Twitter Spaces discussion this past week about the group, and some of its strategies for targeting DeFi networks in the future. Below is an edited excerpt from that discussion: 

Parmy: Do we have any idea of how many people are in the Lazarus group? How are its members selected and trained?

Geoff: In terms of how many there are, there’s a publicly quoted figure, which is 6,000, which has come from analysis of testimony from defectors who’ve come out of North Korea. To train these people, the North Korean government can’t rely on hackers in hoodies in bedrooms, kids who just go on YouTube, because in North Korea you can’t just pick up a laptop and go on the internet. All the computer hackers in North Korea have come up through the school system. They’ve been spotted and groomed by the regime to go into elite universities, to hone their skills. A lot will go into either the nuclear program or government hacking.

Parmy: North Korean hackers went after Axie Infinity in March. It seems that unlike other state-backed hackers they’re not targeting any particular country. Who or what do you expect them to go after in the future?

Geoff: Cryptocurrency is absolutely the direction of travel. If you’re looking at how much was stolen in one fell swoop, I think the $625 million stolen from Axie Infinity may be the biggest single hack of any amount of money from one company, in one hit, ever … If you look at the banks that they’ve hacked into, you’re talking Vietnam, the Philippines, Chile, Bangladesh. They will go anywhere where the security is weakest.

Parmy: They seem opportunistic in terms of scope. Given that blockchain networks have experienced a number of breaches and vulnerabilities, thanks in part to their difficult coding environment, do you expect blockchain to become an attractive target to North Korean hackers in the next few years?

Geoff: I think so. There have been reports coming out from alleged North Korean hackers advertising jobs and targeting cryptocurrency workers and saying, “Hey, I’ve got a great job for you. A perfect job.” And then tricking cryptocurrency workers into downloading malware and getting into the cryptocurrencies that way.

Bizarrely, it also seems that North Korea’s hackers are trying to get jobs at cryptocurrency companies. There’s been an alert put out by the US Treasury warning cryptocurrency firms about North Korean hackers turning up and applying for jobs. We’ve interviewed somebody who claims he actually interviewed a North Korean hacker who applied for a job at his company and realized halfway through the interview what was afoot. But when you think about it, it makes a lot of sense. If you’re inside a cryptocurrency company, you might be able to steal money from them directly.

You might be able to get the passwords, and even if you don’t, you might be able to introduce a flaw or vulnerability into that company’s code, which allows you to extricate money later on. And even if none of that works, if you’ve got a company e-mail address, you can e-mail other people in the crypto industry and say, “Hey, I just started work for company X. Have you seen this exciting news? See attachment to the e-mail.” And that’s how you get your viruses out.

BLOOMBERG OPINION

ShareTweetPin

Related Posts

Stocks decline on profit taking, recession fears
Investing News

Stocks decline on profit taking, recession fears

August 23, 2022
Peso climbs vs dollar as RTB offer starts
Investing News

Peso climbs vs dollar as RTB offer starts

August 23, 2022
PNR cancels bids for 3 projects after finding them ‘non-feasible’
Investing News

PNR cancels bids for 3 projects after finding them ‘non-feasible’

August 23, 2022
Senate grills Rodriguez on approval procedures for sugar import order
Investing News

Senate grills Rodriguez on approval procedures for sugar import order

August 23, 2022
Trade dep’t expecting sugar price monitoring report by Friday
Investing News

Trade dep’t expecting sugar price monitoring report by Friday

August 23, 2022
Fisherfolk seek halt to reclamation on municipal fisheries
Investing News

Fisherfolk seek halt to reclamation on municipal fisheries

August 23, 2022
Next Post
The Bible says nothing about abortion

The Bible says nothing about abortion

Get the daily email that makes reading the news actually enjoyable. Stay informed and entertained, for free.
Email Address *
Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!
 

Recommended

Bakers scramble to cope amid spike in flour prices

Bakers scramble to cope amid spike in flour prices

June 6, 2022
Gov’t releases P4.13B for cash transfer program

Gov’t releases P4.13B for cash transfer program

August 2, 2022
Customs exceeds May collection target by 21%

Customs exceeds May collection target by 21%

June 2, 2022
Scientists find an exotic black hole deemed a ‘needle in a haystack’

Scientists find an exotic black hole deemed a ‘needle in a haystack’

July 19, 2022
West Midlands and North East businesses hit hardest by cost of living

West Midlands and North East businesses hit hardest by cost of living

July 11, 2022
Philippines airlifts aid to areas cut off since earthquake

Philippines airlifts aid to areas cut off since earthquake

July 29, 2022
  • About Us
  • Privacy Policy
  • Terms & Conditions
  • Contact Us
  • Email Whitelisting

Copyright © 2022 SmarterNewsNow.
All Rights Reserved.

Disclaimer: SmarterNewsNow.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice.
The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

No Result
View All Result
  • About Us
  • Contact Us
  • Email Whitelisting
  • Home
  • Privacy Policy
  • Terms & Conditions
  • Thank You

Copyright © 2020 SmarterNewsNow. All Rights Reserved.