North Korea's Lazarus Group and How They Steal Your Crypto
- Dell D.C. Carvalho
- Mar 7
In recent years, cryptocurrency has become a hotbed for criminal activity, and nation-states are not exempt from using this new digital frontier for illicit gain. Among the most notable offenders is North Korea, with its infamous Lazarus Group leading the charge in state-sponsored cybercrime activities. This article explores the Lazarus Group's operations and highlights the top ways nation-states are engaging in crypto scams.

The Lazarus Group: North Korea’s Cybercrime Army
The Lazarus Group, a sophisticated hacker collective associated with North Korea's government, has gained notoriety for its involvement in large-scale cyberattacks and financial heists. U.S. authorities, cybersecurity firms, and international intelligence agencies have linked the group to several high-profile cybercrimes, most notably cryptocurrency theft and ransomware attacks¹.
Key Activities of the Lazarus Group
Cryptocurrency Theft: The Lazarus Group has been behind some of the largest cryptocurrency thefts in history, targeting exchanges and financial institutions worldwide. Their most infamous heist occurred in 2018 when they stole nearly $500 million worth of digital assets from the Coincheck exchange in Japan². They are also implicated in the 2020 hack of the KuCoin exchange, in which hackers took over $275 million in cryptocurrencies³.
Ransomware Attacks: Lazarus has employed ransomware tactics to extort money from victims, demanding payment in Bitcoin or other cryptocurrencies. These attacks often target critical infrastructure and large corporations, making it difficult for victims to pay ransoms without drawing unwanted attention⁴.
Money Laundering and Sanctions Evasion: To obscure the origin of stolen funds, Lazarus often utilizes complex methods to launder cryptocurrency, including using “mixers” that obfuscate transaction details. This helps the group evade sanctions imposed by the U.S. and other nations, allowing North Korea to access the stolen assets and fund its military and weapons programs⁵.
Top Ways Nation-States Are Engaging in Crypto Scams
While North Korea's Lazarus Group is the best-known actor in the world of state-sponsored crypto scams, other nation-states have also employed various tactics to manipulate the cryptocurrency market. Below are some of the most common strategies.
Cryptocurrency Theft and Exchange Hacks: Cybercriminals backed by nation-states often target cryptocurrency exchanges, wallets, and decentralized finance (DeFi) platforms to steal funds. These exchanges typically hold vast sums of digital assets, making them prime targets. State-backed hackers employ sophisticated malware, phishing campaigns, and social engineering to compromise the security of exchanges and siphon off funds⁶.
Pump-and-Dump Schemes: Nation-states, or their proxies, have been linked to “pump-and-dump” schemes, in which they artificially inflate the price of a lesser-known cryptocurrency by acquiring large amounts and promoting it on social media platforms. Once the price peaks, the attackers sell off their holdings, causing the value to plummet, while unsuspecting investors are left with worthless assets. Such schemes not only harm retail investors but can destabilize smaller economies that rely on cryptocurrencies⁷.
Fake ICOs (Initial Coin Offerings): Another common crypto scam involves nation-states or state-backed actors launching fraudulent ICOs. These fake ICOs promise high returns on new cryptocurrencies but are designed to trick investors into transferring funds to wallets controlled by the perpetrators. Once the funds are collected, the project disappears, and investors are left with nothing. North Korea, for example, has been accused of using such tactics to raise funds for the regime⁸.
Cryptojacking: Nation-states with limited access to traditional financial systems, or subject to sanctions, often turn to cryptojacking, a method in which they hijack the computing power of others to mine cryptocurrency. This can be done by infecting websites, software, or even government systems with malware that uses the victim’s resources to mine for digital currency, generating illicit profit for the attackers⁹.
Ransomware and Double Extortion: State-sponsored hackers increasingly use ransomware as a tool of geopolitical warfare, targeting private and public entities in other nations. Many state-backed actors have also adopted "double extortion" tactics: not only do they encrypt the victim’s files, but they also steal sensitive data and threaten to release it unless a ransom is paid. The growing prevalence of cryptocurrency as a preferred payment method has made ransomware attacks more lucrative, as cryptocurrency offers relative anonymity for criminals¹⁰.
Monero Mining and Privacy Coins: Some nation-states favor privacy-focused cryptocurrencies like Monero (XMR) due to their untraceable nature. By supporting the mining of privacy coins, they are able to finance their operations and circumvent international sanctions without leaving a clear trail. These coins make it harder for law enforcement agencies to trace the illicit flows of funds, providing an attractive alternative to more transparent cryptocurrencies like Bitcoin¹¹.
Malicious Smart Contracts: A newer tactic employed by state-sponsored actors is the creation of malicious smart contracts on blockchain platforms like Ethereum. These contracts are designed to exploit vulnerabilities in decentralized applications (dApps) or smart contract code, allowing the attacker to siphon off funds or manipulate the flow of assets. By exploiting these smart contracts, malicious actors can target unsuspecting users in decentralized finance (DeFi) markets¹².
Geopolitical Implications and Global Response
State-sponsored crypto scams, such as those perpetrated by North Korea's Lazarus Group, represent a growing challenge for international law enforcement agencies, cybersecurity experts, and financial regulators. These attacks not only steal billions in digital assets but also pose significant risks to global financial stability and cybersecurity.
The global response has been mixed. While nations like the U.S. and South Korea have taken steps to impose sanctions on North Korean entities and individuals involved in cybercrime, much more needs to be done to curb the increasing sophistication of state-backed hackers. Coordination between international law enforcement agencies, private sector companies, and national governments is essential in developing effective countermeasures to combat these threats¹³.
Conclusion
As nation-states continue to explore and exploit the world of cryptocurrency for illicit activities, it’s clear that the digital financial system is facing a new wave of threats. North Korea’s Lazarus Group is perhaps the most notorious example of a state-backed actor using crypto for financial gain, but other nations are quickly catching on, employing a wide range of strategies to manipulate the market. The battle against these cybercriminals will require greater cooperation and innovation in cybersecurity, regulation, and international diplomacy to protect the future of digital finance¹⁴.
References
1. U.S. Cybersecurity and Infrastructure Security Agency, "Lazarus Group Cyber Activities," 2020.
2. Coincheck, "Hack of Coincheck Exchange," 2018.
3. KuCoin, "2020 KuCoin Exchange Hack Report," 2020.
4. Reuters, "Ransomware Attacks and Cryptocurrency Payments," 2021.
5. U.S. Department of the Treasury, "Sanctions and North Korea," 2020.
6. Chainalysis, "Crypto Exchange Hacks: Trends and Insights," 2021.
7. Wired, "State-Sponsored Pump-and-Dump Schemes," 2020.
8. BBC News, "Fake ICOs and Cryptocurrency Fraud," 2021.
9. Europol, "Cryptojacking and Nation-State Actors," 2020.
10. The Verge, "Ransomware and Double Extortion," 2021.
11. Cointelegraph, "Monero and Privacy Coins: The Future of Crypto?" 2020.
12. Blockchain Research Institute, "Malicious Smart Contracts and Blockchain Security," 2021.
13. United Nations, "International Cybercrime: Responses and Strategies," 2021.
14. International Monetary Fund, "The Future of Digital Finance and Cybercrime," 2021.