North Korean Hackers Actively Exploiting Crypto Industry: Report

  • Mandiant has reported that the North Korean hacker group APT43 is exploiting the crypto industry. 
  • The group is using stolen crypto to mine clean crypto. 

As reported by cybersecurity firm Mandiant, North Korean cybercrime operator APT43 is exploiting the cryptocurrency industry via cloud computing. Researchers say the North Korean group is using stolen crypto to mine clean crypto.

Mandiant: a soldier for cybersecurity

Mandiant is a Google subsidiary and has been tracking this North Korean Advanced Persistent Threat (APT) group since 2018. The infamous group has now been given an identity of its own. Cybersecurity analysts have placed it on the list of major players, and its activity often overlaps with that of other groups.

Mandiant is tasked with monitoring North Korea, which could pose serious threats. It recently reported that APT43 is allegedly involved in raising funds for the regime of the Democratic People’s Republic of Korea, all while raising funds for itself through a string of unlawful operations. Further reports suggest that the group is succeeding in its mission.

Research indicates that the notorious group supposedly used hash rental and cloud mining services to convert stolen cryptocurrency into clean cryptocurrency. 

The Infamous APT43 Group

The infamous group APT43 steals and exploits cryptocurrencies to fund the purchase of operational infrastructure. This approach aligns with the country’s unique ideology: the group tries to share the financial burden of the Korean government. 

The Famous Crypto Hacks of 2022

The crypto industry is not immune to hacks and has faced many attempts in 2022. The major ones are listed below. 

Ronin Network Hack. In March 2022, a hacker stole private keys, generated fake withdrawals, and transferred millions in funds out of the network, causing a loss of nearly $625 million.

Wormhole Bridge Hack. In February 2022, hackers targeted the cross-chain bridge by exploiting a weakness in the protocol’s validation system. They generated huge quantities of wrapped Ethereum (wETH) out of thin air and converted them to Ethereum using the same platform, resulting in losses worth $325 million.

Another bridge, Nomad Bridge, was attacked in August 2023, when hackers exploited a bug in the system that allowed more to be withdrawn than had been deposited. Interestingly, multiple people took advantage of the flaw, causing damages worth $190 million. It is unclear whether it was a coordinated attack. 

Ethereum-based stablecoin protocol Beanstalk Farm was hacked in April 2022 using flash loans. The attackers used the flash loans to buy major positions in STALK, its native governance token, and then used the voting power gained to propose massive fund transfers, interestingly with those same STALK tokens. Although the hackers only stole $80 million, the combined damage was nearly $182 million.

Wintermute was also hacked in April 2022, when hackers gained access to private keys, probably by brute force, and managed to steal around $16 million. There is speculation that this was an inside job. 

How to avoid being hacked?

Crypto companies are spending billions to strengthen their security, and timely assessments clear the weak points in their systems. It can be assumed that the companies are safe to a certain extent. But as an individual user or trader, much care should be taken to stay safe from hacks. 

Protect private keys at all costs, use cold wallets, and distribute assets intelligently. Double-check all the parameters before any transaction. Be vigilant about news of hacks and watch for similar instances on the platforms you use. More importantly, take responsibility for your own assets. 

Steve Anderrson

Source: https://www.thecoinrepublic.com/2023/03/29/north-korean-hackers-actively-exploiting-crypto-industry-report/