North Korean Hackers Steal Millions of Dollars in Bitcoin

    19 December, 2017

    North Korean hackers have taken millions of dollars in virtual currencies like bitcoin in recent attacks over the internet.

    Virtual currencies are forms of money that are not overseen by governments but are exchanged digitally and controlled by their developers.

    Security experts expect more attacks as economic sanctions drive North Korea to seek new ways to get money.

    North Korean hackers have been blamed for a number of cyberattacks in the past, including a computer virus known as WannaCry. The cyberattack affected hospitals, banks and companies around the world this year.

    A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, May 15, 2017.
    A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, May 15, 2017.

    Experts say the fast rise in the value of bitcoin makes it and other "cryptocurrencies" a good target for North Korea.

    One Bitcoin was valued at around $19,000 on Tuesday, up from less than $1,000 at the beginning of 2017.

    In South Korea, exchanges like Bithumb, Coinis and Youbit have hosted between 15 to 25 percent of the world's bitcoin trading. Researchers told Reuters that there is digital evidence that North Korean hackers have attacked the exchanges.

    On Tuesday, Youbit said it had suffered a cyber attack and lost 17 percent of its assets. The attack forced the exchange to halt operations and to seek legal protection from its creditors.

    The cyber attackers were not identified. But one cyber security researcher said the attack was similar to an earlier one linked to North Korea. The researcher said he was not authorized to speak about the matter as it was being investigated. The findings have not been independently confirmed.

    North Korea has rejected accusations that it has been involved in hacking. Representatives of Bithumb and Coinis declined to comment.

    South Korea's Unification Ministry deals with North Korean affairs. A spokesman for the ministry said on Monday the government was considering "countermeasures", including more sanctions, because of the cyberattacks.

    Infected emails

    South Korea's intelligence service reported that about $7 million in cryptocurrencies were stolen in earlier attacks on other exchanges. The information was reported in South Korea's Chosun Ilbo newspaper.

    Moonbeom Park is a researcher at the Korea Internet and Security Agency. He told Reuters that the amount could now be $82 million after the latest attacks.

    Park said the attacks over the summer were "virtually identical" to earlier ones connected to North Korea.

    The hackers began by stealing customers' personal information, including names and email addresses. Some of those customers then received emails with infected documents designed to look as if they were from South Korea's National Tax Service or another official agency.

    The infected document, once opened, permitted hackers to control the user's computer. The hackers then would get to the user's bitcoin account either on the computer, or on the bitcoin exchange's server. Other researchers said the exchanges were also attacked using fake email accounts.

    Cristiana Brafman Kittner is with the cybersecurity company FireEye. She could not confirm whether North Korea had actually stolen any virtual currencies. But she said hackers linked to it had targeted, in her words, "multiple exchanges" over the past six to nine months.

    "We believe that some of the criminal activity we are observing, originating from North Korea, is a result of the regime looking for alternative sources of revenue," she said.

    I'm Mario Ritter.

    Hai Do adapted this story for Learning English based on Reuters news reports. Mario Ritter was the editor.

    Write to us in the Comments Section or on 51VOA.COM.


    Words in This Story

    virtual –adj. existing on a computer or the internet

    sanctions –n. measures meant to cause a country to observe international law usually by limiting trade

    hacker –n. a person who secretly gets into a computer system to get information or to cause damage

    cyberattacks –n. an attack on a computer system or network to gain information, cause problems or damage

    cryptocurrencies –n. digital currency that uses digital security measures to prevent it from being copied or misused

    authorized –adj. permitted

    originate –v. to come from

    alternative –adj. another, a different choice