North Korean APTs Stole ~$400M in Crypto in 2021

Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.

Vast amounts of cash sloshing around in cryptocurrency markets are proving irresistible for cybercriminals and scammers of all kinds.

From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets and their investors – often with a dubious understanding of how they really work – have become prime targets for crypto scammers.

North Korean-backed cybercrime groups, including APT 38/Lazarus Group, have turned their talents and resources exclusively toward ripping off crypto markets, according to a new report from Chainalysis. In 2021, the number of North Korean-sponsored crypto attacks grew from four to seven and netted the crooks $400 million, which was a 40 percent increase over 2020, Chainalysis found.

The North Korean regime has found success with its complicated crypto-laundering operation, which runs through Asian exchanges that trade crypto for national currency with few questions asked, or “fiat-to-crypto” exchanges.

But before these groups can cash out, the stolen funds are laundered through software “mixers,” the report added.

“DPRK is a systematic money launderer, and their use of multiple mixers – software tools that pool and scramble cryptocurrencies from thousands of addresses – is a calculated attempt to obscure the origins of their ill-gotten cryptocurrencies while offramping into fiat,” the researchers explained.

Stolen crypto funds are also run through a DeFi platform so they can be traded for Ethereum or Bitcoin, which are more easily converted to cash, the team at Chainalysis added.

In total, the North Korean regime controls $170 million in crypto balances, garnered from 49 individual hacks conducted between 2017 and 2021.

Simpler Scams for Crypto Cybercriminals

The Lazarus hacks represent a highly technical and well-funded end of the crypto-criminal spectrum, but other crooks – including high-flying celebs – allegedly rely on analog versions of scams to steal cryptocurrency.

A new lawsuit filed in California alleges that crypto company EthereumMax leveraged celebrity promotions from boxer Floyd Mayweather Jr., social media beast Kim Kardashian and basketball player Paul Pierce to artificially jack up the price of EMAX tokens so EthereumMax execs could cash out for a huge profit – an old financial market scheme called a “pump and dump.”

The class action lawsuit was filed on behalf of investors who purchased the inflated EMAX tokens as an investment that they claim the company’s leadership itself rendered worthless.

“In plain terms, EthereumMax’s entire business model relies on using constant marketing and promotional activities, often from ‘trusted’ celebrities, to dupe potential investors into trusting the financial opportunities available with EMAX Tokens,” the lawsuit alleges.

Cash Getting Pumped into Crypto

As criminals begin to stake their claim in the unregulated crypto-universe, investors across the globe, and even nation states like El Salvador and Turkey, are looking to Bitcoin and other crypto investments as a tool to stave off rampant inflation.

Crypto markets that hemorrhage millions to cybercriminals every year while getting pumped full of fresh cash seem like a nearly irresistible target moving forward.

“Cybercriminals follow the money – it is highly likely that as more money pours into the cryptosphere, more cybercriminals will increase their efforts to try to steal cryptocurrencies from victims,” Roman Faithfull, Cyber Threat Intelligence Analyst at Digital Shadows, told Threatpost via email. “Until the security posture that surrounds cryptocurrencies catches up with the technology that underlies them, cryptocurrency holders, in general, will remain attractive targets for cybercriminals.”

Besides the available cash, uninformed investors looking to get rich quick in cryptocurrencies make easy marks for social engineering scams, according to Hank Schless, with Lookout.

“Crypto investors are constantly looking for an edge in the market or what the next big currency that’s going to explode in value,” Schless explained to Threatpost. “Attackers can use this thirst for information to get users to download malicious apps or share login credentials for legitimate trading platforms they use.”

John Bambenek, a threat hunter with Netenrich, predicts security concerns will drive investors toward more privacy-driven assets like Monero in the future.

“The biggest problems with cryptocurrency are the compliance and governance factors,” Bambenek told Threatpost. “Once there is a direct cash to Monero pipeline that can operate at scale, much of how we track cryptocurrency will end. This means we’ll have to come up with new tools or new enforcement or regulatory regimes on those exchanges.”
