Ethereum Developer Indicted for Blockchain and Crypto Expertise Sharing in North Korea

A judge has ruled that the U.S. Department of Justice has enough evidence to move to trial against Ethereum developer Virgil Griffith.

The Ethereum research scientist was arrested in Los Angeles last week and charged with allegedly aiding in the circumvention of U.S. sanctions placed on the Democratic People’s Republic of Korea (North Korea). According to his defense lawyer, Brian Klein, Griffith will be released from jail to await trial once bond has been posted.

Klein disclosed in a tweet on Monday that he now represents Griffith, who “looks forward to his day in court, when the full story can come out.”

The U.S. Attorney’s Office for the Southern District of New York announced on Nov. 29 that Griffith had been charged with “Conspiracy to Violate the International Emergency Economic Powers Act (IEEPA)” for traveling to the Democratic People’s Republic of Korea (DPRK or North Korea) in order to deliver a presentation and technical advice on using cryptocurrency and blockchain technology to evade sanctions.

According to the official complaint, Griffith had explicitly asked and been denied permission to travel to North Korea in order to give the presentation on blockchain technology. Specifically, the document outlines that Griffith had been aiding the development of a crypto exchange between North Korea and South Korea and was fully aware this would violate U.S. sanctions against the DPRK.


North Korean macOS Malware Detected on Crypto Platform

Security researchers have encountered a new cryptocurrency-focused macOS malware, believed to be the work of a North Korean group of hackers known as Lazarus.

As reported by Bleeping Computer on Dec. 4, the malware is capable of retrieving payloads from remote locations and running them in memory, which is very uncommon for macOS. This feature makes the malware difficult to detect and makes forensic analysis extremely difficult. When the researchers analyzed the sample on the malware and virus detection site VirusTotal, initially only 4 antivirus engines flagged it as malicious; this number had improved meekly to 5 at the time of publication.

Lazarus Strikes Again

Researcher Dinesh Devadoss first encountered the malicious software on a website called unioncrypto.vip, which advertised a trading platform for “smart cryptocurrency arbitrage”. The suspicious website did not list any download links but hosted a malware package under the name “UnionCryptoTrader.”

Security researcher and macOS hacker Patrick Wardle analyzed the malware found by Devadoss and determined that “there are some clear overlaps” with another malware implant, also attributed to Lazarus, that Malware Hunter Team found less than two months ago. At the time, researchers found that Lazarus had created another piece of malware targeting Apple Macs that masqueraded as a fake cryptocurrency firm.

North Korean Headlines

North Korea has been making headlines in the blockchain and crypto news recently, as Ethereum research scientist Virgil Griffith was arrested in Los Angeles last week and charged with allegedly aiding in the circumvention of U.S. sanctions placed on North Korea. Griffith gave a presentation in North Korea on blockchain and cryptocurrency, although his supporters have argued that all the information discussed is open information that can be accessed by anyone. Griffith was released from jail on bond and is awaiting trial.

The Ethereum community has expressed its strong support for Griffith, and its co-founder, Vitalik Buterin, has publicly declared that he will do everything possible to clear Griffith’s name and has been sharing a petition to free the blockchain developer.


US Treasury Sanctions Two Men Accused of Laundering Crypto for North Korean Cyber Crime Syndicate

The US Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two men believed to be involved in laundering cryptocurrency stolen in a 2018 cyberattack against a cryptocurrency exchange.

The Chinese nationals, Jiadong Li and Yinyin Tian, have been added to OFAC’s Specially Designated Nationals List, according to an update by the US Treasury earlier today. The two men are believed to be part of the Lazarus group, a cybercrime syndicate alleged to be working in collusion with the North Korean government, and OFAC has blacklisted 20 Bitcoin addresses associated with the pair.

Sanctioned Chinese Nationals

According to a press release on March 2, Tian and Li received from DPRK-controlled accounts roughly $91 million that had been stolen in an April 2018 hack of an unnamed cryptocurrency exchange, plus an additional $9.5 million from a hack of another exchange.

OFAC deduced that Tian and Li transferred the currency through a series of addresses, siphoning off a small portion to an alternate address with each transfer. The US Treasury describes this laundering process as a “peel chain.”

As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of US persons, including the 20 BTC accounts, must be blocked and reported to OFAC.

North Korea’s Ties to Cyber Crime

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

As reported by Blockchain.News, the Lazarus group also made headlines in December 2019 when security researcher Dinesh Devadoss encountered a new piece of cryptocurrency-focused macOS malware on a website called unioncrypto.vip, which advertised a trading platform for “smart cryptocurrency arbitrage”. All evidence pointed to the work of the North Korean cyber group.

The Treasury strongly believes that North Korea’s malicious cyber activity is a key revenue generator for its totalitarian regime, often targeting cryptocurrency exchanges.

The release does not name either of the exchanges hacked; however, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, worth $50 million at the time, was stolen from the Upbit Ethereum hot wallet.


US Court Indicts Alleged Lazarus Group Members in $250 Million Crypto Exchange Theft

While blockchain, the technology underlying cryptocurrency, is promoted as cryptographically secure, the exchanges that hold those assets remain prone to cyberattacks.

Two Chinese nationals, Tian YinYin and Li Jiadong, were sanctioned yesterday by the US Government for their alleged involvement in laundering cryptocurrency stolen in a 2018 cyberattack against a cryptocurrency exchange.

Grand Jury Indictment

Court documents released via Twitter by Seamus Hughes at Program on Extremism reveal that the United States District Court for the District of Columbia issued an indictment against the two individuals in a massive cryptocurrency theft against an unnamed exchange. The grand jury for the case was sworn in on May 7, 2019.

Tian and Li, who also go by their Game of Thrones-inspired online aliases Snowsjohn and Khaleesi respectively, have been charged with stealing nearly $250 million worth of virtual assets between July 2018 and April 2019.

According to the court documents, Tian and Li both held accounts at two different unnamed cryptocurrency exchanges. The pair violated legal requirements set out by the Financial Crimes Enforcement Network (FinCEN) by converting virtual currency into fiat currency in exchange for fees; the pair effectively operated as an unlicensed money transmitting business.

Tian and Li transferred over $100 million worth of Bitcoin between each other’s US and China accounts, engaging in a form of cryptocurrency laundering known as a “peel chain,” before the hack occurred. Other forms of laundering mainly consisted of converting Bitcoin to USD, Chinese Yuan, and iTunes gift cards.
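The “peel chain” pattern described here and in the OFAC section above (bulk funds hop from address to address while a small slice is peeled off at each hop) lends itself to a simple transaction-graph heuristic that an exchange compliance or investigations team can run over its own flow data. The following is an added example, not code from the original article, the Treasury or any court filing; the field layout, the 15% peel threshold, the three-hop minimum and the sample amounts are all assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    inputs: list   # (prev_txid, vout) pairs this tx spends
    outputs: list  # (address, amount_btc) pairs, in vout order

def trace_peel_chain(txs, start_txid, max_peel_ratio=0.15, min_hops=3):
    """Follow the largest output hop by hop while each hop has exactly two
    outputs and the smaller one is at most max_peel_ratio of the total.
    Thresholds are assumed values, not taken from any official guidance."""
    by_id = {t.txid: t for t in txs}
    # index of which transaction spends each (txid, vout) output
    spent_by = {prev: t.txid for t in txs for prev in t.inputs}
    hops, peeled = [], []
    txid = start_txid
    while txid in by_id:
        tx = by_id[txid]
        if len(tx.outputs) != 2:
            break  # fan-out or single-output tx: not the peel shape
        big, small = sorted(tx.outputs, key=lambda o: o[1], reverse=True)
        if small[1] / (big[1] + small[1]) > max_peel_ratio:
            break  # the smaller output is too large to be a "peel"
        hops.append(txid)
        peeled.append(small)
        # the large "change" output carries the bulk on to the next hop
        txid = spent_by.get((txid, tx.outputs.index(big)))
    return {
        "hops": len(hops),
        "is_peel_chain": len(hops) >= min_hops,
        "total_peeled": sum(v for _, v in peeled),
        "peel_addresses": [a for a, _ in peeled],
        "chain": hops,
    }

def make_sample_chain(hops=5, start_btc=100.0, peel_fraction=0.05):
    """Constructed sample data (not real transactions): each hop peels
    about 5% to a fresh address and carries the remainder forward."""
    txs, prev, amount = [], ("funding_tx", 0), start_btc
    for i in range(hops):
        peel = round(amount * peel_fraction, 8)
        carry = round(amount - peel, 8)
        txs.append(Tx(f"tx{i}", [prev], [(f"hop{i+1}", carry), (f"peel{i}", peel)]))
        prev, amount = (f"tx{i}", 0), carry
    # the final transaction splits evenly, so the peel pattern ends here
    txs.append(Tx("tx_end", [prev], [("out_a", amount / 2), ("out_b", amount / 2)]))
    return txs

if __name__ == "__main__":
    print(trace_peel_chain(make_sample_chain(), "tx0"))
```

Real investigations add clustering of the peel addresses and a check of where the peeled slices are eventually cashed out; this block only flags the chain shape itself.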

Tian and Li Linked to Lazarus Group

As announced by the US Treasury on March 2, Tian and Li have been identified for their connection to the North Korean state-sponsored cyber-crime syndicate known as the Lazarus group.

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

The court documents do not name either of the exchanges hacked; however, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, worth $50 million at the time, was stolen from the Upbit Ethereum hot wallet.


US Intelligence Reveals Extent of North Korea’s “Hidden Cobra” Crypto-Dependent Cyber Crimes

In an effort to combat North Korea’s rampant crypto-dependent and money-generating cyber crime campaign, the United States government published a list outlining the sanctioned state’s attacks dating back to 2017, as well as guidance on countermeasures.

The new warning released on April 15 by the US Treasury, Homeland Security, and the FBI stated that it was imperative to stop North Korea’s illicit cyber activities and the resulting money stream in order to obstruct the authoritarian regime’s plan to develop weapons of mass destruction.

Per the release, “The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.”

The countermeasures guidance includes the implementation of a tough anti-money-laundering framework for digital currencies and the expulsion of North Korean IT workers, as well as stern advice to follow best cyber practices, and communicate with law enforcement.

Hidden Cobra

The US government is calling the North Korean cyber crime campaign by the code name “Hidden Cobra” and believes the campaign began as far back as May 2017 with the WannaCry ransomware attacks, which infiltrated hundreds of thousands of computers, holding data hostage until a ransom in Bitcoin was paid. These hacks have been attributed to the DPRK by governments around the world, not only the United States.

The US agencies cite evidence that Hidden Cobra’s attackers have grown more sophisticated and diverse in their cyber campaigns with the majority of their plots highly dependent on stealing digital currency.

As stated by the US agencies, “The DPRK also uses cyber capabilities to steal from financial institutions and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent” with expectations of international cyber conduct.

North Korea has rebutted the allegations of stealing almost $2 billion in fiat and crypto, calling the accusations “a sort of a nasty game.”

The Case of Virgil Griffith

US officials have adopted a zero-tolerance policy towards anyone even appearing to assist the North Korean crypto operations.

Virgil Griffith, the Ethereum research scientist, was arrested in Los Angeles last December and charged with allegedly aiding in the circumvention of US sanctions placed on the Democratic People’s Republic of Korea.

According to the official complaint, Griffith had explicitly asked and been denied permission to travel to North Korea in order to give the presentation on blockchain technology. Specifically, the charges cited that Griffith had been aiding the development of a crypto exchange between North Korea and South Korea and was fully aware this would violate US and UN sanctions against the DPRK.


North Korean Crypto Thefts in 2023: A $700 Million Cyber Menace

In 2023, the cryptocurrency world was shaken by a startling revelation from TRM Labs, a blockchain intelligence firm. The report indicated that groups linked to the Democratic People’s Republic of Korea (DPRK) were responsible for approximately 33% of all cryptocurrency thefts during the year, potentially amassing up to $700 million through these illicit activities.

The gravity of this situation is highlighted by the fact that nearly $1.5 billion was stolen by the DPRK in the previous two years, marking a significant and worrying trend in cyber theft. This alarming increase in cyber thefts by North Korean operatives demonstrates their growing proficiency in this illicit domain.

The Methods of DPRK’s Crypto Heists

The tactics employed by the DPRK in these heists have evolved over time, showcasing a sophisticated understanding of cryptocurrency and blockchain technology. In 2023, major thefts involving platforms such as Atomic Wallet, Alphapo, and CoinsPaid were attributed to North Korean operatives, causing a loss of approximately $197 million in cryptocurrencies.

Interestingly, one of their favored methods included the use of crypto mixers like Tornado Cash. However, following sanctions imposed on Tornado Cash in August 2023 by the US Department of Justice, DPRK hackers explored alternative methods for their operations. This adaptation to changing circumstances underlines the resilience and cunning of these cybercriminals in circumventing security measures.

The Crypto Conversion Strategy

A crucial aspect of these thefts involved converting the stolen assets to cryptocurrencies like Tether or Tron, although specific details on this conversion process in 2023 are not explicitly mentioned in available sources. This strategy likely served the dual purpose of laundering the stolen funds and evading detection by law enforcement agencies. The use of such cryptocurrencies, known for their stability and widespread acceptance, might have facilitated the seamless integration of these illicit funds into the global crypto economy.

The Ongoing Threat

Despite international sanctions and vigilance, North Korea remains a significant cyber threat, with its tactics continuously evolving to evade law enforcement. This persistence poses a continuous challenge to the global community, especially in the realm of cybersecurity and financial regulation.

In conclusion, the events of 2023 serve as a stark reminder of the ever-present danger posed by state-sponsored cybercriminals, especially those backed by regimes like the DPRK. The crypto community, regulators, and international bodies must remain vigilant and collaborate to counter these sophisticated threats.

UN Investigation Reveals DPRK's $3 Billion Crypto Cyberattack Scheme

The United Nations (UN) is currently leading an investigation into a series of cyberattacks orchestrated by groups linked to the Democratic People’s Republic of Korea (DPRK), targeting cryptocurrency firms over a six-year span. These operations have reportedly generated approximately $3 billion in profits, which are believed to support North Korea’s weapons of mass destruction (WMD) development programs. The investigation, supervised by an independent sanctions committee, has identified 58 cryptocurrency-related companies as victims between 2017 and 2023.

The primary focus of these cyberattacks has been to circumvent international sanctions and bolster North Korea’s WMD capabilities, including its nuclear arsenal. Despite facing stringent UN sanctions aimed at cutting off funding for its WMD programs, North Korea has managed to continue its nuclear and missile development efforts. The UN sanctions, intensified over the years since their initial imposition in 2006, have sought to curb North Korea’s access to the international financial system and restrict its ability to develop and proliferate nuclear weapons.

Recent analyses by blockchain intelligence firms such as Chainalysis have shed light on the scale of the DPRK’s cyber operations. In 2023 alone, DPRK-linked hacking groups were responsible for about $1 billion in cryptocurrency theft through 20 separate attacks, indicating a significant but slightly reduced activity level compared to the $1.7 billion stolen across 15 incidents in 2022. Despite advancements in cybersecurity measures and increased international cooperation in tracking and recovering stolen funds, experts predict that the DPRK’s cybercriminal activities will continue to pose a significant threat. Advanced attack methodologies are expected to be employed by these groups, challenging global efforts to combat cybercrime.

The forthcoming UN report, expected to be published in the near future, aims to provide a comprehensive overview of these cyberattacks and their implications for global security and the international financial system. It will highlight the ongoing challenges posed by the DPRK’s sophisticated cyber operations and the need for concerted international efforts to mitigate their impact.

The case of DPRK’s cyberattacks on cryptocurrency firms underscores the complex interplay between cybersecurity, international finance, and global efforts to prevent the proliferation of WMDs. It reflects the growing challenge of addressing state-sponsored cyber activities that not only threaten the security of the digital economy but also have broader implications for international peace and security.
