
Chinese State-Sponsored Hacking Team Targets Crypto Companies


Many in the cryptocurrency ecosystem simply assume government agents are active in it.

A new report making the rounds in the cryptoeconomy lends further credence to that assumption: it indicates that a state-sponsored force has entered the scene in the form of a capable Chinese hacking team.

The hackers, a group known as “Advanced Persistent Threat 41,” or APT41, have made a name for themselves in the cybersecurity world, with activity dating back to 2012. In recent years, the team has specialized in hacking companies for financial gain, particularly video game companies whose games use in-game currency.


Yet, according to the report’s authors, the cybersecurity firm FireEye, APT41 does not appear to be interested in profits alone. As the company explained in its analysis, the group’s operations appear closely aligned with the Chinese government’s domestic and international strategies:

“Like other Chinese espionage operators, APT41 targets industries in a manner generally aligned with China’s Five-Year economic development plans. However, some campaigns attributed to APT41 indicate that the group is also deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions (M&A) and political events.”

FireEye also noted that APT41’s operations have recently been widening to new industries, with companies involved with cryptocurrencies among the group’s latest targets. (Note: in the spring, China’s top macroeconomic administrators said cryptocurrency mining should be phased out in the country, which at the very least suggests the nation’s authorities are paying increasing attention to the sector.)

For example, FireEye determined that APT41 reuses email addresses and malicious code from earlier operations, and that one of those addresses was deployed in a phishing campaign against an unnamed cryptocurrency exchange last year. Such infrastructure reuse is one of the main ways defenders tie separate intrusions back to a single group.

The group’s attacks have targeted companies and institutions in more than a dozen countries, ranging from the U.S. to South Korea, and if FireEye’s report is any indication, APT41 is likely to conduct more cryptocurrency-centric attacks in the future.

FireEye Report Comes on Heels of U.N. North Korea Report

The cryptoeconomy is like any other space: it has its share of good and bad actors. North Korean cyber operators are increasingly establishing themselves at the head of the latter group.

This week, Reuters reported on a United Nations analysis its journalists had reviewed, which indicates that North Korea has raised as much as $2 billion USD to date through cyberattacks designed to fund the country’s weapons programs.

Notably, some of those cyberattacks have targeted cryptocurrency trading platforms, cryptocurrency mining operations, and mainstream banking institutions.

The U.N. investigators who compiled the report documented nearly 40 incidents in which North Korean hackers targeted these types of venues across nearly 20 countries as part of the state’s funding efforts.

In particular, the investigators highlighted how North Korea’s targeting of crypto enterprises made it easier for its agents to “generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”

That dynamic was part of the basis for the new rules on virtual assets adopted by the intergovernmental Financial Action Task Force (FATF) this summer.

Hackers Hard at Work and Whitehats Keep Studying

Hackers may feel comfortable roaming the cryptocurrency ecosystem, but cybersecurity experts are developing a better understanding of these hackers as time goes on.

For example, the massive Coincheck hack last year, which netted attackers more than 500 million NEM (XEM), was initially speculated to be the work of North Korean agents.

Yet reporting earlier this summer revealed that malware of Russian origin had been found on Coincheck employee computers. That is not definitive proof that Russian hackers were involved (malware is routinely shared, sold, and reused across groups), but the revelation showed that experts are closing in on an understanding of how the attack was carried out.


William M. Peaster is a professional writer and editor who specializes in the Ethereum, Dai, and Bitcoin beats in the cryptoeconomy. He's appeared in Blockonomi, Binance Academy, Bitsonline, and more. He enjoys tracking smart contracts, DAOs, dApps, and the Lightning Network. He's learning Solidity, too! Contact him on Telegram at @wmpeaster
