According to DeFiance Capital founder Arthur Cheong, North Korea is targeting crypto firms and projects.
Initially wrote the content below only for our portcos and partners but after some thoughts I think there are benefits to open-sourcing this.
North Korea steals 624 million USD in a single day
Last month, Axie Infinity’s Ronin Network fell victim to a consensus attack, which allowed the hackers to steal a record-breaking sum of 624 million USD. According to the US government, the attack was carried out by a North Korean hacker organization, which calls itself the Lazarus Group.
News broke after the US Treasury identified the wallet that received the stolen funds as belonging to Lazarus. The Office of Foreign Assets Control (OFAC) has since placed the address on its Specially Designated Nationals And Blocked Persons List. On its website, OFAC states:
As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. […] Collectively, such individuals and companies are called “Specially Designated Nationals” or “SDNs.” Their assets are blocked and U.S. persons are generally prohibited from dealing with them.
BlueNorOff targets crypto organizations
DeFiance Capital founder Arthur Cheong has released a Twitter thread, warning that there might be a lot more organized cybercrime brewing in North Korea. Based on his research in coordination with other cybersecurity experts, he identifies the hacker group BlueNorOff as one of the leading cybercrime organizations that run an “organized campaign to target all the prominent organizations in the crypto space”.
Cheong cites a Kaspersky article on BlueNorOff, adding that the organization likely has “the relationship graph of the entire crypto space mapped out and know what kind of phishing emails are most likely to slip through our mental defense”. Earlier this month, there was a highly sophisticated spree of phishing emails targeted at Trezor users.
Cheong also says that other attack vectors, such as trojans, might be used to steal funds from crypto wallets. In March, cybersecurity experts found a DeFi app that was laced with a trojan by the Lazarus Group. Cheong adds:
It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated. They might even change the tools and attack pattern in future.