North Korean Hacker Group at the Center of Alleged Bitcoin Credentials Theft


The recent surge in cryptocurrency prices in the global market has attracted interest from potential investors and has also opened the door to more cybercrime attacks.

Interest in Bitcoin keeps growing after the cryptocurrency recorded a jaw-dropping increase in its value over the past few months. Bitcoin traded over $10,000 last month and has continued to go up ever since.

This has, however, caught the eye of cybercriminals who seek to take advantage of the surge in bitcoin's price by hacking and stealing bitcoin credentials. Bitcoin theft, or attempted bitcoin theft, is nothing new; it has been around for quite some time. The latest case involves a suspected North Korean cybercrime group, with links to the North Korean government, trying to hack its way into bitcoin firms with intent to steal credentials.

According to reports, a cryptocurrency firm based in London has been subjected to cyber-attacks by the Lazarus Group, the cybercrime group with alleged links to North Korea, and these attacks directly targeted bitcoins.

Bitcoin Theft

Many people have asked questions about the security governing bitcoin, wondering whether the cryptocurrency is really safe from any form of theft. While some hold the view that a bitcoin transaction can be hacked, others have actually fallen victim to bitcoin theft.

However, all of these bitcoin thefts over the past years have happened because bitcoin owners were careless, were duped, or received some shady service from the companies they were involved with.

Many cryptocurrency firms have experienced a hack or breach resulting in the loss of huge sums in bitcoins. A recent example is the cryptocurrency mining marketplace NiceHash, which was hacked and lost over 4,700 bitcoins in the process, an amount worth over $78 million at press-time prices. After many reports of emptied wallets, as well as an extended downtime period for the service's website, the company, which was founded in 2014, announced that it had been hacked and robbed.

Marko Kobal, CEO and co-founder of the company, stated that the attack began early on December 6 after an employee's computer was compromised. He noted, however, that the company is working with law enforcement to determine how the hack took place.

SecureWorks, a cybersecurity firm, along with other firms, suspects North Korea to be the mastermind behind the attacks orchestrated by the Lazarus Group, which they link to a cyber-robbery involving $81 million at the Bangladesh central bank last year. Sony's Hollywood studio was also subjected to such an attack, dating back to 2014.

In a statement released to reporters, SecureWorks said: “Given the current rise in bitcoin prices, CTU suspects that North Korea’s interest in cryptocurrency remains high and (it) is likely continuing its activities surrounding the cryptocurrency.”

According to SecureWorks, it monitored a targeted email campaign last month which was aimed at deceiving victims into clicking on a compromised link for a job opening for a chief financial officer role at a cryptocurrency firm based in London.

Once the malicious hiring link within an attached Word document was clicked, a Remote Access Trojan (RAT) would be downloaded in the background on the victim's device without notice, allowing the hacker to download additional malware or steal data.

SecureWorks stated that, in technical terms, this malware is not that different from former campaigns conducted by the cybercrime group Lazarus. They added that they had named the malware “Nickel Academy”. SecureWorks did not say whether anyone who received the email actually clicked on the link.

SecureWorks noted that they believe there are still ongoing schemes to steal credentials.

North Korea’s hacking history

Over the past years, North Korea has been at the center of numerous accusations of hacking and other cyber-crimes.

Just last week, South Korea's spy agency accused North Korea of being behind attacks on cryptocurrency exchanges this year, stealing about $6.99 million worth of cryptocurrencies.

In addition, in June, South Korea's Chosun Ilbo accused North Korea of leaking personal information from 36,000 accounts at Bithumb, the world's busiest cryptocurrency exchange.

Chosun Ilbo also cited the National Intelligence Service (NIS) as saying that the North Korean hacker group demanded a ransom of $5.5 million from Bithumb in return for deleting the leaked personal information.

