North Korea-Linked Hackers Suspected in $70 Million Crypto Theft
LONDON, Sept 15 (Reuters) – Blockchain researchers say North Korea-linked hackers are likely behind a $70 million theft from crypto exchange CoinEx.
Background
CoinEx, a Hong Kong-based crypto exchange, announced on social media platform X (formerly known as Twitter) that its crypto asset wallets had been hacked. The exchange estimates its losses at $70 million, which it claims is a small portion of its total assets.
The Suspected Hackers
Blockchain research firm Elliptic suggests that the Lazarus Group, a hacker group associated with North Korea, is responsible for the attack. The group has been linked to cyber-espionage activities in the past.
Chainalysis, another blockchain research firm, also believes that North Korea was behind the attack, stating that it has “medium-high confidence” in this assessment.
Evidence of North Korean Involvement
Elliptic points to several factors that indicate the involvement of the Lazarus Group:
- Some of the stolen funds were sent to a crypto wallet address previously used by the Lazarus Group to launder stolen funds.
- The funds were transferred to the Ethereum blockchain using a blockchain “bridge” that had also been used by the Lazarus Group in the past.
Increased Cyber Attacks
Elliptic reveals that the Lazarus Group has recently intensified its operations, carrying out four separate attacks since June that resulted in the theft of approximately $240 million worth of crypto assets.
North Korea’s Cryptocurrency Theft
A United Nations report states that North Korea significantly increased its cryptocurrency theft in 2022, using advanced techniques. The country has been accused of using cyberattacks to fund its nuclear and missile programs.
Response from North Korea
The North Korean mission to the United Nations in New York has not responded to requests for comment on the allegations.
Conclusion
The investigation into the CoinEx hack is ongoing, and the hacker’s identity remains unknown. However, the evidence suggests that North Korea-linked hackers, specifically the Lazarus Group, are responsible for the theft.
Reporting by Elizabeth Howcroft and Raphael Satter, Editing by Louise Heavens
About the Authors
Elizabeth Howcroft: Reports on the intersection of finance and technology, including cryptocurrencies, NFTs, virtual worlds, and the money driving “Web3”.
Raphael Satter: Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.