UN Links North Korea to $281m Crypto Exchange Heist

Written by

A cyber-attack on a cryptocurrency exchange last September which led to the theft of hundreds of millions of dollars in digital money has been blamed on North Korean actors.

A United Nations report to the UN Security Council seen by Reuters “strongly suggests” that hackers from the “hermit kingdom” were involved in the cyber-heist at KuCoin last September.

The attack led to the theft of $281m in cryptocurrency from the Singapore-headquartered firm, although CEO Johnny Lyu subsequently revealed that $204m had been recovered by the following week.

He also claimed at the time that investigators had unveiled the identities of the attackers, although he refused to go public with the information until the case is closed.

“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK,” the UN reportedly claimed, without naming KuCoin.

It said that Blockchain records revealed the same attackers were behind a separate $23m raid in October, according to the newswire.

The state actors apparently tried to bypass the larger cryptocurrency trading platforms which raised the alarm, by using exchanges that facilitate person-to-person currency swaps.

“According to sources familiar with both hacks, the attackers exploited ‘defi’ protocols – i.e., smart contracts that facilitate automated transactions,” the UN reportedly claimed.

The attack certainly fits the MO of North Korean state-backed operatives. In 2019, a UN report claimed that the Kim Jong-un regime had stolen as much as $2bn from banks and crypto exchanges for its weapons of mass destruction programs.

As an international pariah, opportunities to generate this kind of funding aren’t easy for the regime.

The report claimed cyber-attacks including cryptojacking can “generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”

What’s hot on Infosecurity Magazine?