A North Korean hacking group named Lazarus has been responsible for the disappearance of approximately $571 million in cryptocurrency, a report by Group-IB relayed by The Next Web finds.
Prior to its annual report in cybercrime statistics, Group-IB released some information showing that the North Korean state’s own hacking organization managed to steal more than half a billion US dollars in coins from exchanges. This may not be a complete picture, as the group may have also stolen more coins in other attacks.
So far, the largest attack that has been accounted for as Lazarus’ doing was the $534 million attack on Coincheck, where a large quantity of NEM disappeared from the exchange. An investigation into the events by multiple authorities around the world found Lazarus responsible, but couldn’t recover any of the money since most of it had been laundered by the time the investigation concluded.
The majority of Lazarus’ earnings came from this attack, which resulted in the Japanese Financial Services Agency finding new ways to tighten its grip on exchanges in the country in hopes of preventing another Coincheck-sized event from happening.
This crackdown was further provoked by the fact that only four years prior, a similar massive cryptocurrency attack took place on another Japanese exchange, Mt. Gox.
Group-IB also found that the methodology often used by these hackers doesn’t have much to do with vulnerabilities in the platforms’ code.
“Spear phishing remains the main vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has a malware embedded in the document. After the local network is successfully compromised, the hackers browse [it] to find workstations and servers used working with private cryptocurrency wallets,” the company said in its summary.
So far, according to this report, a total of $882 million in coins have been stolen from exchanges alone, resulting in disastrous consequences for the reputation of the cryptocurrency community.