HomecrimeNorth Korean Hackers Reportedly Targeting Ethereum Users in South Korea

North Korean Hackers Reportedly Targeting Ethereum Users in South Korea


According to a new report from security research firm FireEye, North Korean hackers are targeting Bitcoin and Ethereum users in South Korea.

North Korea hacking South Korea for ETH… never thought I’d see that headline

FireEye’s report suggested that North Korean hackers are attempting to breach into South Korean cryptocurrency exchanges and steal user funds in Bitcoin and Ethereum.

Since May 2017, FireEye researchers claimed that North Korean hackers have been consistently targeting South Korean exchanges like Yapizon, which underwent major security breaches.

The FireEye report read:

“Add to that the ties between North Korean operators and a watering hole compromise of a Bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which Bitcoin alone has increased over 400 percent since the beginning of this year.”

“Spearfishing” the largest Bitcoin exchanges in South Korea

The research firm further emphasized that a method called “spearfishing” has been used against some of the largest Bitcoin exchanges in South Korea.

By targeting users with tax-related phishing attacks, and deploying malware such as PEACHPIT, FireEye claimed that North Korean hackers were able to gain access to the accounts of many South Korean Bitcoin and Ethereum users.

The report added:

“The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.”

Throughout its report, researchers and analysts at FireEye state that the initiation of hacking attacks toward South Korean cryptocurrency trading platforms coincided with the enforcement of increased economic sanctions against North Korea by the US and the international community.

The report revealed that the first spearfishing attacks against South Korean trading platforms began in early May, targeting a single exchange.

In late May, a second Bitcoin exchange was reportedly breached by North Korean hackers, compromising user funds.

In early July, FireEye researchers claimed that a third major South Korean exchange was targeted, with a method which directly allowed North Korean hackers to threaten personal accounts through spearfishing.

North Korean Hacks

So what was the purpose of the attacks?

All of the abovementioned attacks occurred after the enforcement of new sanctions against North Korea on April 24, which led analysts within the cryptocurrency sector to speculate on the purpose of the attacks towards South Korean cryptocurrency exchanges.

FireEye’s report noted that amidst tightening sanctions and the enforcement of new regulations against trading with North Korea, it is understandable that the North Korean government would target an emerging asset class which is triggering an exponential increase in demand in China, South Korea and Japan.

The report concluded:

“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime, and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential.”

Because Bitcoin exchanges and trading platforms are centralized, the level of security for Bitcoin and cryptocurrency wallets wholly depend on the service provider.

Hence, in order to prevent any more attacks from North Korean hackers, South Korean exchanges should allocate more resources in securing their platforms with necessary measures.


Cyprus registers Binance as a cryptocurrency service provider.

Binance, a cryptocurrency exchange, will be able to provide services for virtual currencies in Cyprus as a result of the platform's recent registration with the...

More than 24,000 ATMs in Brazil will offer USDT through Tether and Smartpay.

Usdt, the largest dollar-pegged stablecoin on the market, was created by Tether, a company. Tether recently announced that more than 24,000 ATMs in Brazil will...

To solve the blockchain modularity issue, Celestia raises $55 million.

The project Celestia, which seeks to address the alleged centralization issue in the current monolithic blockchains, has announced the completion of its most recent funding...

Hong Kong considers removing the “Professional Investor-Only Requirement” and allowing retail investors to trade cryptocurrency.

Securities and Futures Commission (SFC) of Hong Kong's director of licensing and head of the fintech division both confirmed that the regulator is taking into...
[td_block_social_counter style="style8 td-social-boxed td-social-font-icons" facebook="tagdiv" twitter="tagdivofficial" youtube="tagdiv" custom_title="Follow us" block_template_id="td_block_template_11" border_color="#fbb03b" f_header_font_size="eyJhbGwiOiIyMCIsInBvcnRyYWl0IjoiMTgifQ==" f_header_font_weight="600" f_header_font_family="702" f_header_font_transform="uppercase" tdc_css="eyJwb3J0cmFpdCI6eyJkaXNwbGF5IjoiIn0sInBvcnRyYWl0X21heF93aWR0aCI6MTAxOCwicG9ydHJhaXRfbWluX3dpZHRoIjo3NjgsInBob25lIjp7Im1hcmdpbi1ib3R0b20iOiI0MCIsImRpc3BsYXkiOiIifSwicGhvbmVfbWF4X3dpZHRoIjo3NjcsImFsbCI6eyJtYXJnaW4tYm90dG9tIjoiMzAiLCJkaXNwbGF5IjoiIn19"]

Most Popular