🍎 🍕 Less apples, more pizza 🤔 Have you seen Buffett’s portfolio recently?Explore for Free

Blockchain analysts suspect N. Korea-linked hackers behind $70m crypto theft

Published 09/15/2023, 01:26 PM
Updated 09/15/2023, 01:31 PM
© Reuters. FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Elizabeth Howcroft and Raphael Satter

LONDON (Reuters) - Blockchain researchers say North Korea-linked hackers are likely behind a $70 million theft from crypto exchange CoinEx.

CoinEx, which says it is based in Hong Kong, said on Tuesday on social media platform X, formerly known as Twitter, that wallets used to store the exchange's crypto assets had been hacked. It said on Friday it estimates its losses at $70 million, which it said is a "small portion" of its total assets.

Blockchain research firm Elliptic said that "a number of factors" indicate that the Lazarus Group - a hacker group associated with North Korea - was responsible for the attack.

CoinEx has not said who it believes was behind the attack, although it has told Reuters it is aware that some security firms have claimed cyber-espionage teams linked to North Korea were to blame.

"The hacker's identity remains under investigation," CoinEx told Reuters via email early on Friday. CoinEx did not respond to a Reuters comment request sent via email later on Friday, outside of Hong Kong hours, about Elliptic's research, which was published in a blog post.

Elliptic said that some of the funds stolen from CoinEx were sent to a crypto wallet address which had previously been used by the Lazarus Group to launder stolen funds. The funds were also sent to the Ethereum blockchain using a blockchain "bridge" - a way of transferring funds between different blockchains - which had also previously been used by the Lazarus Group.

North Korea's mission to the United Nations in New York did not respond to a Reuters comment request sent via email.

Another blockchain research firm, Chainalysis, told Reuters on Thursday it had "medium-high confidence" that North Korea was behind the attack.

Elliptic said the Lazarus Group "appears to have recently ramped up its operations", stealing around $240 million worth of crypto assets in four separate attacks since the beginning of June, in addition to the CoinEx attack.

© Reuters. FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

North Korea stepped up its cryptocurrency theft last year, using sophisticated techniques to steal more in 2022 than any other year, according to a United Nations report. Sanctions monitors have previously accused North Korea of using cyberattacks to help fund its nuclear and missile programs.

North Korea has previously denied allegations of hacking or other cyberattacks.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.