It is no overstatement to say North Korea is the cryptocurrency hacking capital of the world, if one report is to be believed.

Cybersecurity unit Group-IB is readying its annual report on trends in hi-tech cybercrime. According to a summary obtained by The Next Web, there have been 14 different attacks on cryptocurrency exchanges since January 2017. Five of them, resulting in the theft of at least $571 million, were by North Korea’s Lazarus.

The group’s haul is more than half the $882 million total for the 14 attacks, TNW said. Lazarus’ targets were the Yapizon, Coinis, YouBit and Bithumb exchanges in South Korea and Japan’s Coincheck. Those behind the other thefts are listed as unknown in the summary.

Overall, hackers were using spear phishing, social engineering and malware as ways to penetrate the exchanges.

“Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam [with an attachment] that has a malware embedded in the document,” according to the summary. “After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”

Group-IB expects more targeted attacks on cryptocurrency exchanges, and not just by Lazarus. It warns the most aggressive hacker groups that have traditionally attacked banks will now be shifting their attention to cryptocurrency exchanges.

As Willie Sutton once noted, it’s where the money is.

ThirtyK Staff
If you would like to contact the ThirtyK News Brief team, please email us at