US authorities this week linked North Korean hackers to the historic €580 million Axie Infinity cryptocurrency scam, which a blockchain expert says marks the emergence of a new type of threat to national security.
On Thursday, the US Treasury Department added an Ethereum wallet address to its sanctions list after the wallet facilitated transfers of more than $86 million of the stolen funds.
Hacking groups Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for the Kim Jong Un regime.
Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can engage in new-age cyber warfare.
“In recent years, many hacks have been perpetrated by North Korea,” Redbord tells Business Insider. “But the magnitude of this shows that things have gone from being small exploits to real national security issues. It’s amazing: a bank robbery at the speed of the Internet.”
For years, North Korean actors have been responsible for cyberattacks, including a high-profile hit against Sony in 2014. But groups like Lazarus have become increasingly sophisticated and ambitious.
In the meantime, companies in the nascent cryptocurrency sector are still finding their footing when it comes to cybersecurity, which makes them vulnerable to hacking groups that continually refine their tactics.
“North Korea realized that a hack against an online retailer was one thing, but going after cryptocurrency exchanges is a more effective way to fund destabilizing activity at very little cost to them,” Redbord said.
The country was an early adopter of cryptocurrency money laundering, he adds, and there are no signs that its bad actors are going to slow down their efforts, as they have proven to be extremely profitable.
Furthermore, Redbord points out that social engineering attacks, such as the Axie Infinity infiltration, are becoming more advanced.
These hacks are not the result of simple phishing, but are nuanced attacks directed at specific people.
The new digital battlefield
Although North Korea has an extremely small economy and limited infrastructure, it has shown that it can engage in cyber warfare on a scale similar to that of world superpowers like the United States and China.
The Axie Infinity hack, in particular, reinforces Redbord’s belief that the scale of digital attacks is increasing at such a rate that a new kind of war is emerging.
“In the last year, we have moved from a post-9/11 world to a new digital battlefield,” says Redbord. “Nation-state actors know they should go after crypto businesses to finance the proliferation of real weapons, it’s not just some hackers trying to finance a lifestyle.”
North Korea’s use of the Lazarus cluster confirms that the country’s isolation and lack of modern infrastructure do not prevent it from engaging in cyber warfare on the world stage, Redbord explains.
The cryptocurrency sector is an excellent target for these attacks due to the volume of transactions and funds that move every day, but also because companies are not fully mature and may still be developing their own cybersecurity protocols.
Unfortunately, this means that many companies often don’t have the most up-to-date security measures in place, says Redbord.
“It is about hardening cyber defenses. We are still in a world where these companies are learning to protect themselves, and now we have seen that a small group is responsible for the largest cryptocurrency hack,” he said. “If there was ever a doubt that the hacks were not linked to national security, that has been resolved.”