Charges Against North Korean Hackers Show Cyber Thieves Shifting to Virtual Currency Markets and Exchanges
Federal charges unsealed in February against three computer programmers linked to the government of North Korea illustrate the appeal of cryptocurrency markets and exchanges for theft and fraud.
The assumed anonymity, relative lack of transparency, and varying regulations in the world of virtual currencies have made them the payment of choice on darknet marketplaces and in ransomware attacks and other criminal schemes. But according to an October 2020 report from the Attorney General’s Cyber Digital Task Force, those same qualities make them “particularly attractive, adaptable, and scalable as a target for theft.”
Media reports found $4.5 billion of cryptocurrency was reported lost to theft or fraud in 2019—more than double what was reported lost in 2018.
In explaining the threat, Justin Vallese, a Los Angeles-based FBI special agent who worked on the investigation into the North Korean hackers, said, “Criminals are always looking for less risk and greater reward.” And for now, the world of virtual currencies can offer that.
A Sustained Campaign of Cyber Intrusions and Thefts
The indictment unsealed on February 17 added to the charges previously brought against one member of the group, Park Jin Hyok, for the 2014 cyber intrusion into Sony Pictures, a cyber-heist from Bank of Bangladesh, and the release of a damaging ransomware variant known as WannaCry 2.0.
The newer charges allege Park and two colleagues attempted numerous destructive cyber intrusions, which included an array of cyber-enabled bank heists. These efforts were designed to steal billions of dollars to fund a North Korean regime stifled by international sanctions.
Assistant Attorney General John C. Demers of the Justice Department’s National Security Division described their efforts this way: “North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers.”
The North Korean hackers are alleged to have created several malicious cryptocurrency applications that looked legitimate but contained malware that provided the hackers access to the computers of victims who downloaded them. Those targeted could be individual investors but were more likely to be employees of virtual currency exchanges. The applications were supported by professional-looking websites that added an air of legitimacy to the new tools.
Once the application was installed, it could give the criminals access to the victim’s cryptocurrency wallets and private keys—allowing them to transfer funds from the victim’s wallet to cryptocurrency wallets controlled by the hackers.
These tactics and others allowed the North Korean hackers to steal $75 million from a Slovenian cryptocurrency company, $24.9 million from an Indonesian cryptocurrency company, and $11.8 million from a financial services company in New York between 2017 and 2020.
Losses can affect customers with accounts at victimized exchanges when a firm has taken such a hit that not enough remains to pay customers back for the assets they believe they hold in the exchange.
The markets and exchanges for virtual currencies are attractive to criminals because they present fewer complications than thefts from traditional financial institutions.
For example, the charges allege the hackers attempted to steal $951 million via Society for Worldwide Interbank Financial Telecommunication (SWIFT) transfers from the Bank of Bangladesh but only made off with a fraction of that amount—about $80 million. While it was still an enormous loss, the safeguards that were in place at the bank prevented further damage.
Another difficulty of schemes targeting traditional banking institutions is the need to rely on a larger network of criminals to help steal and then launder the money.
“Criminals aren’t always reliable,” Vallese said. “So there is a great deal of risk involved between the theft and the money reaching the hackers’ accounts. With cryptocurrency, you cut out nearly all the middle-men.”
New Currencies Require the Same Caution
Vallese noted that as the value of certain cryptocurrencies has soared, more people are looking to invest in them. “It’s definitely somewhere people want to be,” he said. “But where there is potential for earning, there is potential for risk and loss.”
While no one can guarantee any investment will retain or gain value, wherever an investor chooses to hold that investment, strong protections should be in place to guard against cyber intrusions and thefts.
“When deciding where to put money, make an informed decision,” Vallese said. “Do your due diligence. Understand if they are a well-established, trusted exchange.” Some important questions to ask are: Where is the exchange located? What kind of security practices are used? What kind of monitoring and regulations are in place?
The FBI is working with a wide array of government and law enforcement agencies in the U.S. and abroad to identify and address new cyber threats. The private sector is a key partner in helping gather and share information. And, of course, being aware of cyber threats and taking proper cyber security precautions is the responsibility of every individual.
Even if the investment is a novel one, apply the same rigor as you would with any other financial choice. And as with any online interaction, carefully weigh the possible risks before opening any email, clicking on a link, opening an attachment, or downloading an application.
Learn More About Virtual Currencies
The U.S. Securities and Exchange Commission has additional resources and information on digital currencies.