The crypto world isn’t just suffering from a market malaise that saw Bitcoin’s price drop from $69,000 to around $20,000 today — it also faces a troubling number of security risks.
There have been dozens of breaches over the past few years, showing that cybercriminals are gravitating towards the world of cryptocurrencies. In many cases, we don’t know who the attackers are, but one culprit that keeps coming up is North Korea’s state-backed hacking group known as the Lazarus Group.
According to a new book by Geoff White, ‘The Lazarus Heist’, the regime’s hackers have become increasingly sophisticated over the past decade, managing to steal an estimated $2 billion worth of cryptocurrency to date. Crypto investors should expect the gang to continue to exploit blockchain targets, or the “soft underbelly of the financial system,” according to White, who believes the $2 billion figure is a “vast underestimation”.
It stands to reason that the hacker group would target crypto networks: Lazarus’ modus operandi for years has been to generate as much money as possible to help support the North Korean regime and its nuclear weapons program. Over the past decade, its schemes have included sophisticated ATM hacks and ransomware, including the infamous WannaCry cyberattack.
Now, decentralized finance, or DeFi, has become a more lucrative target than banks, thanks to the billions of dollars locked up in its various applications. But the fast-moving, break-things culture that still prevails in Web3 development hasn’t helped the security of these networks. Nor does it help that Web3 applications are hard for programmers to build securely: simple coding errors can open gaping financial vulnerabilities.
Overall, the amount of money lost to DeFi project hacks more than doubled in 2021, with security website CryptoSec listing 102 breaches reported between January 2020 and June 2022, totaling $3.4 billion lost.
Lazarus has taken on several crypto networks, including a Slovakian crypto exchange in 2020 from which it stole virtual currency worth $5.4 million. The hackers then laundered the funds through the Binance cryptocurrency exchange, according to a Reuters investigation. They were also behind the theft of more than $600 million from the Axie Infinity game, which, measured by money stolen, might be one of the biggest hacks of all time. (The US Treasury Department attributed the attack to Lazarus.)
I spoke to White in a Twitter Spaces discussion last week about the group and some of their strategies for targeting DeFi networks going forward. Below is an edited excerpt from that discussion:
Parmy: Do we have an idea of the number of people in the Lazarus Group? How are its members selected and trained?
Geoff: In terms of numbers, there is a publicly quoted figure, which is 6,000, which comes from analysis of testimonies from defectors who have come out of North Korea. To train these people, the North Korean government can’t rely on hoodie-wearing hackers in bedrooms, kids just going to YouTube, because in North Korea you can’t just take a laptop and go online. All hackers in North Korea have gone through the school system. They were scouted and trained by the regime to enter elite universities, to hone their skills. A lot will go into the nuclear program or government hacking.
Parmy: North Korean hackers attacked Axie Infinity in March. It seems that unlike other state-backed hackers, they don’t target any particular country. Who or what do you expect them to pursue in the future?
Geoff: Cryptocurrency is absolutely the direction of travel. If you look at how much was stolen in one fell swoop, I think the $625 million stolen from Axie Infinity may be the biggest hack of any amount of money from a company, in one fell swoop, ever… If you look at the banks they hacked, you talk about Vietnam, the Philippines, Chile, Bangladesh. They will go wherever security is weakest.
Parmy: They seem opportunistic in terms of reach. Given that blockchain networks have experienced a number of flaws and vulnerabilities, in part due to their harsh coding environment, do you expect blockchain to become an attractive target for North Korean hackers in the coming years?
Geoff: I think so. There have been reports of alleged North Korean hackers advertising jobs and targeting cryptocurrency workers and saying, “Hey, I have a great job for you. A perfect job.” And then tricking cryptocurrency workers into downloading malware and getting into cryptocurrencies that way.
Oddly, it also appears that North Korean hackers are trying to get jobs at cryptocurrency companies. The US Treasury has issued an alert to warn cryptocurrency companies that North Korean hackers are showing up and applying for jobs. We interviewed someone who claims to have actually interviewed a North Korean hacker who applied for a job at his company and realized halfway through the interview what was going on. But when you think about it, it makes a lot of sense. If you are part of a cryptocurrency company, you may be able to steal money directly from them.
You may be able to get the passwords, and even if you don’t, you may be able to introduce a loophole or vulnerability in that company’s code that will allow you to withdraw money later. And even if none of that works, if you have a corporate email address, you can email other people in the crypto industry and say, “Hey, I just started working for Company X. Have you seen this exciting news? See the attachment.” And that’s how you spread your viruses.