North Korea Targets South Korean Bitcoin Companies

North Korea has been in the news a lot recently, mostly for its leader’s continued and heightened threats against the United States and its allies. In response, the United Nations universally adopted new sanctions – with backing from China – against the hermit kingdom. The DPRK swiftly ramped up its rhetoric, and may have also performed cyberattacks against South Korean bitcoin exchanges.

North Korea Targets Bitcoin

UPI reported that the Cyber Warfare Research Center in South Korea recently stated that at least one South Korean Bitcoin exchange had been the target of a hacking attempt that likely originated from North Korea. The exchange was just one of many South Korean institutions to have been targeted in a widespread attack against the finance sector.

This attack was evidently distributed via a dedicated email campaign, not unlike most other types of malware these days. Employees of targeted exchanges were emailed, and if those emails were opened, the attached malware would possibly embed itself in the company’s computer network. Thus far, we do not know for sure how many businesses were affected.

Why Target Bitcoin?

The aforementioned sanctions are not the first that the international community has placed on North Korea to dissuade the country’s nuclear ambitions. However, they may be some of the first that are actually making the country hurt enough to take action. This is due in large part to China having signed onto these sanctions in a meaningful way. In the past, China had adopted a policy of providing the least amount of compliance with sanctions. However, China is now helping the situation by abiding by the sanction rules and also turning away much of North Korea’s coal exports. All of this means that North Korea is even more strapped for money than usual.

Korea University’s Professor Lim Jong-in said that the exchange hack may be one way that North Korea is looking to obtain more money in a somewhat hidden manner. Successful hacks of exchanges could be a nice revenue influx for the beleaguered nation.

However, it may not be the smartest move for North Korea to steal Bitcoin. As we have stated at length here at The Merkle, Bitcoin is not anonymous at all. Stolen funds can be tracked on the public blockchain. Even if North Korea were successful in its hacking attempt, any stolen funds could be tracked along the blockchain. Perhaps the rogue nation targeted exchanges in the hopes of making off with far more anonymous altcoins.

Bitcoin and other cryptocurrencies would also allow North Korea to somewhat disregard these new sanctions if said cryptocurrencies were sufficiently valuable. Some have suggested that the North is fairly well established in Bitcoin and altcoin mining and would not have to rely on fiat currency.

It is also possible that North Korea did this as a way of lashing out, rather than it being a dedicated attack to try and steal Bitcoin. North Korea knows that South Korea has become a hub for Bitcoin and other altcoin trading. Attacking a very active market would be one way of sending a message to the South Koreans that their northern neighbor is unhappy with their support of the US-drafted sanctions.

What surprises me is that there has been no mention of North Korea attacking Chinese exchanges. Since this is the first time China has actively backed sanctions, I assumed that if anyone would be “punished” by North Korea it would be China.

All of this being said, the origin of these attacks has not yet been fully identified. However, authorities are quite certain that North Korea is indeed behind these cyberattacks.