A recent cyber-attack on a cryptocurrency exchange last September resulted in the theft of hundreds of millions of dollars in digital money. The attack has been attributed to North Korean actors, according to a United Nations report to the UN Security Council.
The hackers targeted KuCoin, a Singapore-based cryptocurrency firm, and made off with $281 million in digital currency. However, CEO Johnny Lyu was able to recover $204 million of the stolen funds within a week of the attack. While the identities of the attackers have been uncovered, Lyu has chosen to keep this information confidential until the case is resolved.
The UN report strongly suggests that the cyber-heist was orchestrated by North Korean hackers, based on analysis of the attack vectors and efforts to launder the stolen funds. In addition to the KuCoin incident, the same attackers were also involved in a separate $23 million raid in October.
The hackers attempted to evade detection by using decentralized finance (defi) protocols and smaller cryptocurrency exchanges for money laundering. These tactics allowed them to bypass larger trading platforms that have more stringent security measures.
This is not the first time that North Korea has been implicated in cyber-attacks to fund its weapons programs. In 2019, a UN report estimated that the regime had stolen up to $2 billion from banks and crypto exchanges for this purpose. Cyber-attacks provide the regime with a way to generate income that is harder to trace and regulate compared to traditional banking methods.
As an international pariah, North Korea faces limited opportunities to generate funding through legitimate means. Cyber-attacks offer a lucrative and relatively low-risk method for the regime to finance its activities. The UN report underscores the need for increased cybersecurity measures to protect against state-sponsored attacks in the cryptocurrency sector.