How North Korea Became A Crypto Hacking Powerhouse

Aug 16, 2022 · 18 min

Episode description

The latest alleged hacks by some North Koreans entail plagiarized resumes placed on job sites and theft of proprietary intelligence. How did North Korea get so good at tricking crypto employers? And what does all of this mean for the security of crypto companies? Bloomberg reporter Jeff Stone joins this episode to explain. 

See omnystudio.com/listener for privacy information.

Transcript

Speaker 1

I'm Stacy Marie Ishmael, managing editor of Crypto for Bloomberg News, and this is Bloomberg Crypto, a daily Bloomberg iHeart podcast. It's Tuesday, August sixteen. In late July, allegations surfaced that some North Koreans were plagiarizing online resumes to try to trick companies, including crypto companies, into hiring them. It was all part of a broader effort to raise money from North Korea's government weapons program and an attempt to help

the authoritarian nation evade global sanctions. But how did North Korea get so good at tricking crypto employers? And what does all of this mean for the security of these companies? This is geopolitics, and there's a lot of ugliness to this, but some of these tactics are really innovative. I mean they're very impressive. Bloomberg reporter Jeff Stone joins me today to explain. Jeff, what a pleasure. Thank you so much for being here. Thank you for having me.

So what is it you do at Bloomberg? I read about cybersecurity, which is a busy task. It's a collision of crime and espionage and business and money and theft it's endlessly fascinating. That sounds fun even writing a lot about North Korea and hackers. What are North Korean hackers up to in crypto? They are similarly busy in crypto.

According to the United States, that is, North Korean hackers increasingly are focusing on cryptocurrency services as a means of generating money on behalf of the government of Kim Jong Un. According to the US government, that is, and um independent cybersecurity researchers. That means they are looking at everything from hacking exchanges. They're also impersonating people. They are sending fake job listings and pretending to be people who they aren't in order to get as much information as

they possibly can about the world of virtual currency. So I'm a North Korean hacker. I look up somebody's LinkedIn profile. That person seems like they have a fancy job at a fancy crypto company. I steal some of their credentials. I present them as my own. I try to interview at, name an exchange. In the process of that interview, what am I doing? I'm trying to get information out of them. It's kind of like, you know, spying,

or is it something else? You're doing two things. I think you're you are trying to get as much information as you possibly can from the person that you're speaking with, because that just might help you if you don't get the job. You also are trying to get the job. According to the researchers that we have spoken with, they have observed freelance contractors if you will secure employment at

some of these services. We don't know which services candidly, but um, if they are involved in some of these bridge projects, for instance, or the future of Ethereum, that gives them not only a salary, which according to one recent US governmental alert, could be as much as dollars crypto Paz, and also it also does bring the espionage angle, as you just alluded to, like, yeah, we can kind of share this information in our country and use this

to kind of get around some of these sanctions. Right, so I'm not only interviewing because I want to get stuff out of my interview. I'm interviewing because, as you say, I'm actually trying to work there and find even more stuff out. Right, and if you don't get the job or if you get fired, it's probably not the end of the world, because you're you're you're already employed. Yeah, right,

wild. Now, so North Korea, when did they first start realizing the kind of crypto could be a meaningful revenue generator for them. It's difficult to peg that to a specific date, but some of the conversations that we've had indicate this would have happened probably four or five six years ago. You might remember the Bangladesh Bank heist um there was a number of financial, big financial hacks. They tried to steal a billion dollars from the Bangladesh Bank

um central Bank via the SWIFT network. Bangladesh, the central bank, which is pretty vulnerable to a cyber attack, has been attacked. It is a murky story, and it's a murky story about vulnerability, and it's about cyber Two sort of transactions. The first one was about eighty one million US dollars. There was another attempted transaction nearly a billion dollars. People look at this and I think this is very, very shady. Indeed, that was kind of a big watershed moment in the

world of financial security. A lot of banks started to kind of improve the way that they were verifying that users are who they say they are, so right around that time is when cryptocurrency started to become more real. Last year, we know according to analysis, for instance, UM, some of these North Korean hackers were involved in like

seven hacks. We've already seen that, you know, significantly more and raising more money in the first half, so you know, you say, there there is even more money in this year, like what are the sums that we're talking about? According to public charges, at least the Lazarus Group, which is North Korea's state sponsored hacking organization, took as much as six hundred million dollars in the hack on Axie Infinity

in March. That's already significantly more than they are accused of stealing last year, which was four hundred million dollars um, and there have only been more incidents since then. The blockchain company Harmony said in June attackers stole an additional hundred million dollars and um, there's Nomad breach, which is still an investigation, but attackers stole a million from bridge

protocol tool there. So again it's hard to pin it down to its specific figure, but it's it's significantly we've seen that's that's a lot of money, and all of those are hacks that are big enough for you know, us to cover them here at Bloomberg. So there's certainly things that we're paying attention to. Well, what I'm getting from you is it sounds like the North Korean hackers are good at their jobs. Sure, let's talk about the people who seem to need to be better at their jobs. Like,

I'm a recruiter. Why am I getting spoofed by somebody with a fake resume? Like? What's going on? It's hard to find people? Just you know, this is not a problem that's limited to crypto. We know this is happening in other industries, the technology industry, software development, but crypto specifically is really being targeted. I think that it's also as they are trying to find the right people. Um, you do have to take steps to be more flexible

in terms of allowing remote work for instance. Or I was gonna say, like, are these folks flying from North Korea to the US. Not that we're aware of, but you know, there is a small number of people who have these skills, as you know, and um, as they as they try to find the right people, you kind

of need to make certain allowances. Maybe someone doesn't sound quite right on the phone, but Hey, they have this this skill and they're willing to take this salary for um X number of dollars, so we can't find anybody else to do it. So Okay, I'm a recruiter. I'm stressed, I'm busy. I have some CEO being like hire more people.

I'm hiring more people. Fine, humans make mistakes. But the thing that seems bigger to me is the fact that these as you describe them, crypto bridges, which you can think of as like protocols that let you move crypto from one thing to another thing, and you know, a highly simplified version of what's going on, these things get hacked a lot for a lot of money, fairly frequently. And that's before you get to the other like completely

run of the mill scams like phishing or spoofing. As an as an industry, is crypto getting better at its security practices, from like your perspective of someone who's covered this more broadly? From my perspective, it is not. Candidly. We talked about the Bangladesh bank heist a few years ago, there was a number of big financial hacks. I would expect personally this first six months of this year to really be kind of you know, no industry can stand

to lose x number billion dollars a year. It's it's embarrassing. It creates you know, there's the issues that have to do with trust, which obviously so much of um the root of this industry. So to lose so much money so quickly, we know that real people are are really losing significant amount of cash. And we're we're hearing candidly from people who are trying to get more into crypto and see it as an investment opportunity and something cool

and new and interesting to think about. And it's hard to know the difference between scams and real services because the names and you know, it's it's just really scary to hear about these massive dollar figures. Yeah, and this is this is an industry that loves to say, you know, do your own research, but it sounds like even the people who are doing their research are still getting into trouble.

Is there is there kind of a degree of sophistication that's being deployed against these companies or is it you know, much more run of the mill. It is it is as run of the mill as a typical email scam that you might have seen against a bank um a few years ago. We previously have have written about some instances where these crypto scammers hijacked Twitter accounts, for instance. Those Twitter accounts will often be verified. They belong to real people and often like heads of state,

you know, very specific people on the internet. Yet great example, they are soliciting donations. They are raising a ton of money in a very short amount of time, even before those crypto scams are removed from Twitter. So you know, I think there's some Bored Ape activity earlier this year that was fraudulent, or yeah, the Bored Ape Instagram got hacked because of you know, probably like social engineering. Somebody clicked on a link they shouldn't have clicked on. Social

engineering is not complicated stuff. It's it's sending a fake text message that looks real that tricks the wrong person into providing their user name password. You only need to do it successfully once in order to make a lot of money. So you know, as an example of that, I get constant text messages like pretending to be this is Chase and you need to change your password, and here's this really skeptical looking link that you should click

on and give us all your information. But it can also be you know, somebody calling someone up and saying, hey, I work here and I've locked myself out of my password? Can you help me reset it? That seems to happen. We've also you all have also been reporting on things like SIM swapping, which sounds fun, like, what does that mean exactly? Well, SIM swapping is endlessly fascinating. Similarly broadly defined um it

involves you losing control of your phone number. So if you have your forgot passwords set up so that if you can't remember your credentials, it will send a text. It will send a text to your phone. If someone identifies you as a particularly valuable target, they will call the phone company. There have been public charges, for instance, of crypto scammers or SIM swappers, I should say, bribing customer service employees at cell providers. AT&T had

a major problem with this a few years ago. There have been a number of indictments against former AT&T employees. They're not paid a lot of money when they're working in a retail store. It is as simple as bribing a retail employee to make this change to someone's phone account. You take over their number. You then have access to their passwords. So anybody who's texting me, whether that is you know, my Gmail reset or like my friends in the group text, that's

all going to somebody else's phone. It's that's correct. You can't access your phone at all, you can't access any

of your apps or your accounts. I should say that's not a problem with crypto necessarily, it's a problem with the way that users are authenticated typically in the United States, is not a problem as much elsewhere, but the way that our phone numbers have become social security I was going to say the same thing, they are super important, and that that is a real vulnerability that people are learning to exploit and make a lot of money rapidly.

We'll be right back with more from Bloomberg reporter Jeff Stone on the threat of North Korea and crypto. Is there anything that has proven effective against these crypto hackers and scammers, especially the North Korean groups? The problem with trying to stop some of these attacks in these campaigns is they are developing as quickly as this technology. Some of the conversations that we had recently with folks from Mandiant, for instance, indicated that no longer are

these hackers just targeting end users. They're no longer just targeting the exchanges. They are now trying to get jobs with these bridge services, for instance, and get an edge into um some of the changes to Ethereum that might be coming up. So I don't think there is any silver bullet to solving these issues. It's just a matter of constant diligence and really I think adopting the mentality that you are vulnerable and people are trying to get in there in ways that maybe you didn't expect. I

know that's not super helpful, but it's what we're seeing. Well. Certainly one of the other things that we're starting to see is that the US government is really cracking down, you know the recently the U.S. Treasury Department issued sanctions on something called a crypto mixer. And if if you think about what a crypto mixer is, it's an engine.

You have, you know, some bitcoins, some Ethereum, some Shiba Inu, some Doge and you want to, shall we say, obscure the origin of those various bits of currency and where you got them from. You would put them into a mixer, which effectively like anonymizes those transactions and spits out something that's a little bit harder to trace.

You can imagine that services like that might be very attractive to say, North Korean hackers. And so what what what is the U.S. Treasury Department been trying to do with these services? They're trying to stop North Korean hackers from using them in whatever way they that they can.

What's particularly interesting about this is the way that these mixing services have become kind of an extension not in every case, in some cases, according to the US government, though they have become an extension of this larger UM cybercrime issue. You know, we we've saw as recently as as earlier this year allegations that a different mixing service

was used, particularly for ransomwares. So, um, it's not only this kind of large scale crypto theft, it's when something is taken via extortion, they can you know, kind of run it through some of these um mixing services to kind of hide their activity in a more effective way. And of course the goal of that is to make it harder to trace those funds and ever get them back for the people who have been scammed or extorted. Yeah, like you said, pretty much an arms race.

It is very much as an arms race. It's very interesting in the U. S. Government. Look, I don't think a few years ago, UM, I'll speak for myself, I didn't expect the United States to move as quickly as they have in terms of trying to combat some of this stuff. We've seen some really big seizures over the past year or so that UM not long ago would have been obviously significantly more difficult. We know they're trying

to staff up very rapidly. Is there anything else that has surprised you other than perhaps the size and frequency of these hacks, like you, as a reporter in cybersecurity, suddenly now having to get up to speed on what a bridge is and what it makes. Yes, that has been that. Thank you for pointing that out. That's one's

extremely surprising to me. I didn't expect that. But the way that these suspected North Korean hackers are attuned to the culture of not only Western culture and the US, but really like Silicon Valley, there was there was research that came out from Google UM not long ago indicating that that this group, the Lazarus group, this is the

same group that carried out the Bangladesh bank heist. The same group that targeted Sony Pictures years ago and released all of those emails and um inspired a condemnation from former President Obama. The same group is now like creating fake versions of Indeed dot com creating fake versions of a Disney careers page, and they're using those in really targeted espionage operations to get a little bit of information from a very small, specific set of targets and it works.

So is really um, you know, this is crime, and this is this is geopolitics, and there's a lot of ugliness to this and obviously the North Korean government being what it is, but some of these tactics are really innovative. I mean they're very impressive and very there. They are surprising. No wonder they're getting hired by crypto companies. Yeah right, it's kind of joke. That's a true story. Well, thank you so much for being on the podcast. I really

appreciate you taking the time. Thank you for having me. I'm such a fan. You can find more of Jeff Stone's reporting on the Bloomberg Terminal on Bloomberg dot com or follow him on Twitter. He's at Jeff Stone five hundred. On the next episode of Bloomberg Crypto. Cars, especially luxury cars, have always been a marker of wealth, but for many crypto investors, no single car has driven so much interest

as the Lamborghini. To better understand how the Lambo came to be one of the most visible status symbols in crypto, I'll be joined by Bloomberg reporter Hannah Miller and crypto venture capitalist Peter Saddington. This is Bloomberg Crypto, a daily podcast from Bloomberg and iHeartRadio. For more shows from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Send us your comments, questions, or suggestions for the show to Crypto

at Bloomberg dot net or find us on Twitter. We're at Crypto. The supervising producer of Bloomberg Crypto is Vicky Vergalina. Our senior producer is Janet Babin. Our producer is Shannon Barrero. Associate producer is Thy Butler. Desta wonder At is our engineer. Original music by Leo Sidrn. I'm Stacy Marie Ishmael. We'll be back tomorrow.

Transcript source: Provided by creator in RSS feed