News Security

North Korea Hacking Group “Lazarus” Responsible for Five Cryptocurrency Attacks

Pinterest LinkedIn Tumblr

Recently, it was reported that nearly $900 million has been stolen from cryptocurrency funds and initial coin offerings (ICOs) over the past two years. New evidence is now suggesting that North Korea is the country primarily responsible for much of that theft.

The information comes from two separate cybersecurity firms: Group-IB and Recorded Future. Both are claiming that roughly $882 million in crypto funds have been stolen since late 2016, and approximately $571 million – roughly three-quarters – of that amount has been taken by hackers in North Korea, or more specifically a group known as Lazarus.

North Korea Crypto Hacking

Lazarus was first “outed” in 2017 by Kaspersky Labs for allegedly trying to spy or initiate cyberattacks on government-based servers, but it is also said that the organization has a knack for targeting cryptocurrency exchanges and digital funds. At press time, full connections between Lazarus and North Korea are not entirely understood, and there are four possibilities regarding the country’s relationship with the organization:

  • Lazarus is entirely independent of North Korea, in which this is all one big mix-up;
  • It is a cyber-mercenary collective that occasionally works on behalf of North Korea;
  • It is an independent side operation of persons affiliated with North Korea;
  • It is fully affiliated with North Korea.

Lazarus May Be Leading the Charge

Either way, Group-IB’s recently published document regarding the two years of covered cyberattacks discusses 14 separate incidents, of which five were potentially instigated by Lazarus. These attacks include ones on an exchange called Yapizon in South Korea, in which the total sum lost exceeds $5 million in crypto funds. There are also attacks on Coinis, YouBit and Bithumb in June of this year, in which the total lost money amounts to approximately $32 million.

The report also blames Lazarus for the attack on Coincheck last January. It was the largest cryptocurrency hack in history, in which more than half-a-billion dollars in assorted crypto funds vanished overnight. The Coincheck hack exceeds Mt. Gox in Japan by nearly $100 million.

Further Embarrassment for Japan

The company was later heavily criticized for its hot wallet tactics, and while executives have since begun issuing refunds to affected customers, the incident sparked a whole new wave of regulation and officiating Japan’s monetary arena.

The country’s Financial Services Agency (FSA) began issuing notices to all cryptocurrency exchanges doing business in Japan explaining that representatives would be monitoring their operations. In addition, these ventures were also warned that if they did not step up to the plate and improve their safety protocols to match present standards, they would be shut down for good.

More Tricks Up the Old Sleeve

Aside from attacking digital exchanges, North Korea is also being blamed for purportedly running cryptocurrency-related scams and phony ICOs. A document released by Recorded Future states the following:

“We have discovered an asset-backed cryptocurrency scam called Marine Chain operated by a network of North Korea enablers in Singapore. We came across discussions of Marine Chain as a cryptocurrency in a couple of bitcoin forums in August of 2018. Marine Chain was supposedly an asset-backed cryptocurrency that enabled the tokenization of maritime vessels for multiple users and owners.”

A Few More Pointers

Recorded Future states that any money invested into Marine Chain wound up as losses for investors. The venture’s website was allegedly a clone of, a blockchain-based service that allowed people to purchase or rent ships using digital assets. Furthermore, Marine Chain was hosted by four separate IP addresses which also hosted several other cryptocurrency scams in both 2017 and 2018.

Lastly, Recorded Future states that two Marine Chain executives are linked to North Korean sanctions circumvention efforts back in 2013.

Important Note: There have been reports of scammers approaching companies via Telegram, LinkedIn and Other Social platforms purporting to represent Blockonomi and offer advertising offers. We will never approach anyone directly. Please always make contact with us via our contact page here.

Nick Marinoff

Nick Marinoff has been covering cryptocurrency since 2014. He has served as a lead content writer and news editor for Money & Tech; a public relations writer for Game Credits, and a senior writer for both Bitcoinist and News BTC.

Beanstalk Gaming & NFTs
As Featured In
As Featured In