- DeFiance Capital founder Arthur Cheong has warned that North Korean-linked hackers are targeting all prominent crypto organizations.
- He also told Crypto Briefing that he had evidence that the state-sponsored BlueNorOff hacking group was behind the spear-phishing attack that resulted in him losing around $1.7 million worth of NFTs.
- On Thursday, the U.S. government confirmed that North Korea was also behind the $550 million Ronin Network hack that happened last month.
Share this article
DeFiance Capital founder Arthur Cheong has said that North Korea’s state-sponsored hackers have likely already penetrated all corners of the crypto industry and know precisely the kind of attacks to steal users’ funds.
Cheong Says North Korea Is Targeting Crypto Organizations
Arthur Cheong thinks that North Korea is actively trying to harm the crypto industry.
In a Friday tweet storm, the DeFiance Capital founder said that his research and conversations with leading cyber security experts have led him to believe that North Korea’s state-sponsored cybercrime organization BlueNorOff is “running an organized campaign to target all the prominent organizations in the crypto space.”
1/ Based on our research and conversation with leading cyber security experts, we believe BlueNorOff are running an organized campaign to target all the prominent organizations in the crypto space.
— Arthur ?⛩️?? (@Arthur_0x) April 15, 2022
Based on the sophistication of their social engineering attacks, Cheong said the group has likely “mapped out” the entire crypto space and knows precisely the kind of phishing emails that would slip through its defenses. “It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cybercrime organization that is extremely resourceful and sophisticated,” he said. “They might even change the tools and attack pattern in the future.” Cheong later added that he thinks North Korea has access to email addresses for “everyone” in the cryptocurrency industry.
Last month, Cheong himself was a victim of a social engineering attack that resulted in him losing about $1.7 million worth of NFTs. The hackers used a refined “spear phishing” email to deploy malware on his device and extract the seed phrase of his hot wallet. In crypto, a seed phrase give direct access to the private keys of a particular crypto wallet, effectively allowing anyone that has access to the phrase absolute control over the crypto funds stored inside the wallet. Cheong told Crypto Briefing that he had hard evidence corroborated by a cyber security firm that proved the North Korean state-sponsored hacker group BlueNorOff was behind the attack. He also said that the same group was confirmed to have executed several other attacks on high-profile persons, firms, and protocols.
A January report by the blockchain forensics firm Chainalysis showed that North Korea had stolen over $400 million in cryptocurrencies in 2021 alone. According to the report, the Lazarus Group, led by North Korea’s primary intelligence agency, was behind the $281 million KuCoin and $97 million Liquid cryptocurrency exchange hacks. Moreover, the U.S. Treasury confirmed Thursday that the Lazarus Group was also behind the $550 million Ronin Network bridge hack that happened last month. The attack was the second-largest in crypto history.
In today’s tweet storm, Cheong advised prominent organizations and members of the crypto industry to exercise extra diligence in handling their crypto assets, as North Korea was likely to scale up the intensity of the attacks on the industry. Besides standard security measures, including using multi-signature wallets, enterprise-grade custody solutions, and hardware dedicated exclusively for handling crypto transactions, Cheong said that crypto firms should also be careful when hiring new team members. “We have heard of this case from one of our portfolio companies where applicants for their software engineer role appear to be suspicious in interview, and unable to match up with their profile in their resume,” he said, suggesting that North Korean hackers have tried to infiltrate legitimate cryptocurrency firms.
According to a January report published by cyber security firm Kaspersky, North Korea is known for creating fake companies to develop crypto software that deceives users to install malicious apps that drain their funds. Per the same report, North Korea’s bread-and-butter has been using elaborate social engineering schemes to attack small to mid-sized crypto startups.
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.
NFT Express: Your on-ramp to the world of NFTs
At Tatum, we’ve already made it super easy to create your own NFTs on multiple blockchains without having to learn Solidity or create your own smart contracts. Anyone can deploy…
North Korean Cybercrime Syndicate Lazarus Group Implicated in Ronin Ha…
The North Korean cybercrime group known as Lazarus Group has been confirmed by the U.S. Treasury Department to be linked to the $550 million Ronin Chain hack last month. The…
Japanese Crypto Exchange Liquid Suffers $97M Hack
Japanese crypto exchange Liquid has announced that its hot wallets suffered a hack. Liquid Hacker Steals $97 Million Liquid has been hacked. The Japanese cryptocurrency exchange Liquid reported a security…
Axie Infinity Network Hit by $551.8M Exploit
The Ronin bridge and Katana exchange have been halted following the incident. Axie Infinity Network Suffers Vulnerability Ronin Network, the blockchain underpinning the popular play-to-earn game Axie Infinity, has been…
KuCoin Exchange Reopens Bitcoin, Ethereum Withdrawals After $281M Hack
Following the $281 million KuCoin hack two weeks ago, the exchange blocked all deposits and withdrawals. Now, it seems that their new security measures are in place as they restart…