In addition to the market malaise, cryptocurrencies also face a number of security risks.

Not only is the crypto world suffering from a market malaise that has seen the price of Bitcoin drop from $69,000 to around $20,000 today, but it is also facing a worrying number of security risks.

There have been dozens of breaches in recent years that show that cybercriminals are gravitating towards the world of cryptocurrencies. In many cases, we don’t know who the attackers are, but one culprit that keeps cropping up is North Korea’s state-backed hacking gang known as the Lazarus Group.

According to a new book by Geoff White, “The Lazarus Heist,” the regime’s hackers have become increasingly sophisticated over the past decade, managing to steal an estimated $2 billion worth of cryptocurrency to date. Crypto investors should expect the gang to continue exploiting blockchain targets, or “the underbelly of the financial system,” according to White, who believes the $2 billion figure is a “vast underestimate.”

It makes sense for the hacker group to target crypto networks: Lazarus’ modus operandi for years has been to generate as much cash as possible to help prop up the North Korean regime and its nuclear weapons program. In the past decade, his schemes have included sophisticated ATM hacks and ransomware, including the infamous WannaCry cyberattack.

Now decentralized finance, or DeFi, has become a more lucrative target than banks, thanks to the billions of dollars locked up in its various applications. But the culture of moving fast and breaking things that is still prevalent in web3 development has not helped the security of those networks. Neither does the fact that building web3 applications is unusually difficult for programmers, who can create huge financial vulnerabilities with simple coding errors.

Overall, the amount of money lost through DeFi project hacking more than doubled in 2021, with security website CrytpoSec listing 102 breaches reported between January 2020 and June 2022, totaling $3.4k millions lost.

Lazarus has gone after several crypto networks, including a Slovakian crypto exchange in 2020 from which he stole $5.4 million worth of virtual currency. The hackers laundered the funds through cryptocurrency exchange Binance, according to a Reuters investigation. They were also behind the $600 million+ hack of the game Axie Infinity, which when measured by the money stolen could be one of the biggest individual hacks of all time. (The US Treasury Department blamed Lazarus for being behind the attack.)

I spoke with White in a Twitter Spaces discussion last week about the group and some of their strategies for targeting DeFi networks in the future. Below is an edited excerpt from that discussion:

Parmy: Do we have any idea how many people are in the Lazarus group? How are your members selected and trained?

Geoff: In terms of how many there are, there is a publicly cited figure, which is 6,000, which comes from analysis of the testimony of defectors who left North Korea. To train these people, the North Korean government can’t rely on hackers in hoodies in rooms, kids who just go on YouTube, because in North Korea you can’t just grab a laptop and go online. All hackers in North Korea have emerged through the school system. They have been detected and groomed by the regime to go to elite universities, to hone their skills. Much will be invested in the government’s nuclear program or hacking.

Parmy: North Korean hackers went after Axie Infinity in March. It seems that unlike other state-backed hackers, they do not target any particular country. Who or what do you hope they will chase in the future?

Geoff: Cryptocurrency is absolutely the direction of travel. If you’re looking at how much was stolen in one fell swoop, I think the $625 million stolen from Axie Infinity may be the largest single theft of any amount of money from a company, in one fell swoop, ever… If you look at the banks they’ve hacked , you are talking about Vietnam, Philippines, Chile, Bangladesh. They will go to any place where security is weakest.

Parmy: They seem opportunistic in terms of scope. Given that blockchain networks have experienced a number of breaches and vulnerabilities, thanks in part to their difficult encryption environment, do you expect blockchains to become an attractive target for North Korean hackers in the next years?

Geoff: I think so. There have been reports of suspected North Korean hackers posting jobs and targeting cryptocurrency workers and saying, “Hey, I’ve got a great job for you. A perfect job. And then tricking crypto workers into downloading malware and breaking into crypto that way.

Interestingly, it also appears that hackers from North Korea are trying to get jobs at cryptocurrency companies. There has been an alert issued by the US Treasury warning crypto companies about the appearance of hackers from North Korea and applying for jobs. We’ve interviewed someone who claims that he actually interviewed a North Korean hacker who applied for a job at his company and realized mid-interview what was going on. But when you think about it, it makes a lot of sense. If he is inside a cryptocurrency company, it is possible that he can steal money from them directly.

You may be able to get the passwords, and even if you don’t, you may be able to introduce a flaw or vulnerability in that company’s code, allowing you to cash out later. And even if none of that works, if you have a company email address, you can email other people in the crypto industry and say, “Hey, I just started working for company X. Have you seen this exciting news? See file attached to email.” And that’s how you get your viruses out.

Leave a Comment