Millions of dollars in cryptocurrency have been stolen, yet remarkably, this issue is still in its infancy. It's crucial to formulate measures now before the situation gets out of hand.
Cryptocurrency hacks are on the rise, with a notable increase in incidents involving state-affiliated or ideologically-driven hacking groups. North Korea, in particular, is facing scrutiny for its alleged role in these illicit activities. The escalating threats are compelling nations and multilateral institutions to collaborate and establish protective measures. Notably, security officials from the United States (US), South Korea, and Japan recently engaged in discussions regarding North Korea's participation in cryptocurrency thefts, along with its involvement in nuclear and ballistic missile programs.
The burgeoning use of cryptocurrency for nefarious activities is not a groundbreaking revelation. However, the intriguing element lies in state participation, exemplified by North Korea. Utilising stolen cryptocurrency funds for potential nuclear program financing not only complicates global trust in crypto but, more importantly, emerges as a critical global security concern.
North Korea, known for its severe repression and limited progress in promoting economic, social, and cultural rights, is now making concerning advancements in state-sponsored hacking of cryptocurrency organisations for funds, posing a significant global threat.
Utilising stolen cryptocurrency funds for potential nuclear program financing not only complicates global trust in crypto but, more importantly, emerges as a critical global security concern.
Since 2017, North Korea has expanded its focus on the cryptocurrency industry, pilfering an estimated US$3 billion worth of cryptocurrency. Utilising new technologies, the country's leadership successfully extracts funds from both traditional banks and digital assets, reflecting a concerning trend in the evolving landscape of cybercrime.
Traditional bank heists are most certainly part of North Korea’s repertoire. Their suspected involvement in the US$81 million theft from the central bank of Bangladesh raised concerns about a potential shift in cyberwarfare tactics. The attackers employed the Society for Worldwide Interbank Financial Telecommunication (SWIFT) global payment messaging system, convincing the Federal Reserve Bank of New York to transfer funds from the Bangladesh bank to accounts in the Philippines. Subsequently, cyber-thieves targeted banks in Vietnam and Ecuador via the SWIFT network, exposing vulnerabilities in the once-regarded secure SWIFT messaging system.
The threat expands from conventional assets to cryptocurrency, as the volume of money circulating within the ecosystem continues to grow, as seen in the Ronin Network incident. On March 29th, the network reported a cyber theft, disclosing the loss of 173,600 Ether (ETH) and US$25.5 million coins from its cross-chain bridge, totaling US$540 million—the second-largest crypto theft in history. Responding to the breach, the US Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions on the Ethereum address linked to the theft. The Lazarus Group, a North Korean state hacking group, was identified as the owner of the address, emphasising the persistent threat from state-sponsored hacking groups exploiting cryptocurrency vulnerabilities.
The threat expands from conventional assets to cryptocurrency, as the volume of money circulating within the ecosystem continues to grow, as seen in the Ronin Network incident.
In June, North Korean hackers orchestrated the theft of US$100 million in crypto assets from Horizon Bridge, targeting the Harmony blockchain service. The FBI's identification of the perpetrators underscores the ongoing global threat posed by state-sponsored hacking groups in the cryptocurrency ecosystem, necessitating heightened cybersecurity measures. The 2018 attack on the Japanese cryptocurrency exchange Coincheck, siphoning off US$530 million, remains unresolved in terms of identifying the perpetrators. However, South Korea’s National Intelligence Service suggested North Korea's potential involvement.
North Korea's pursuit of hard currency involves stealing or demanding payment in Bitcoin or other cryptocurrencies, highlighting the adaptability of the regime to exploit digital assets for financial gain. North Korea engages in laundering stolen cryptocurrency, utilising prominent cryptocurrency mixers like Blender.io and Tornado Cash. The complex money laundering network involves purchases of online infrastructure, conversion of cryptocurrency into fiat currency through Chinese nationals, and intricate processes that reveal the sophisticated nature of North Korea's cyber operations.
The standard response involves imposing sanctions and penalties on nations and groups engaged in such activities. Given the sophistication of these attacks and the dynamic nature of the cryptocurrency ecosystem, predicting them is challenging. Hence, it is imperative to develop mechanisms for crypto security. While anti-money laundering (AML) and countering the financing of terrorism (CFT) frameworks are globally implemented, addressing blatant crypto theft for illicit purposes requires additional measures. Perhaps, the exploration of a kill switch for immediate response to suspicious activities is a potential solution. Governments and enforcement agencies often act retrospectively, placing some of the responsibility on individuals to safeguard their cryptocurrency.
Given the sophistication of these attacks and the dynamic nature of the cryptocurrency ecosystem, predicting them is challenging.
However, it's important to note that governments and enforcement agencies often do respond decisively. In the aftermath of a security breach, the OFAC took prompt action, imposing sanctions on the Ethereum address linked to the theft. The entity identified as the Lazarus Group was the owner of the address, and the FBI was actively involved in the investigation of the incident.
While individual responsibility is crucial, it does not negate the government's duty to safeguard its citizens. Starting with the basics, it's crucial to exercise extreme caution when engaging in cryptocurrency transactions, considering that cryptocurrency assets lack institutional safeguards against conventional fraud. Opting for hardware wallets is recommended for heightened security, as they offer more protection than “hot wallets” like MetaMask, which are continuously connected to the internet. In the case of hardware wallets linked to MetaMask, every transaction requires approval via the hardware wallet, adding an extra layer of security. Additionally, users should exclusively utilise trustworthy decentralised applications (dApps) and verify smart contract addresses to ensure their authenticity and integrity. The legitimacy of contract addresses can be verified using tools like MetaMask, block explorers such as Etherscan, or sometimes directly within the dApp interface
Regulators must continually evaluate new entrants in the cryptocurrency space, ensuring they are authorised, valid exchanges that meet the latest security standards and, of course, comply with the nation's security regulations. The surge in cryptocurrency hacks orchestrated by state-affiliated groups underscores the need for a worldwide response to safeguard digital assets, in a way contributing to global peace.
Starting with the basics, it's crucial to exercise extreme caution when engaging in cryptocurrency transactions, considering that cryptocurrency assets lack institutional safeguards against conventional fraud.
North Korea's involvement in traditional bank heists and cryptocurrency theft underscores the need for enhanced cybersecurity. The dynamic cryptocurrency landscape requires proactive security measures, and collaboration between nations, institutions, and individuals is crucial for formulating safeguards. Regulators play a pivotal role in assessing new entrants and ensuring compliance, collectively addressing cryptocurrency security challenges. Millions of dollars in cryptocurrency have been stolen, yet remarkably, this issue is still in its infancy. It's crucial to formulate proactive measures now before the situation gets out of hand.
Sauradeep Bag is Associate Fellow at the Observer Research Foundation
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Sauradeep Bag is Associate Fellow at ORF. Sauradeep has worked in several roles in the startup ecosystem and in international development with the United Nations Capital ...Read More +