North Korea Employs Realistic Trade Bot to Steal Bitcoin


A group of North Korean hackers reportedly netted millions, denominated in various cryptocurrencies, from several cryptocurrency exchanges.

North Korea’s Impressive Swindle

Lazarus Group, a North Korean hacking team, targeted several exchanges. One of them was DragonEx, where the group used a very realistic fake trading bot website to dupe targets.

Chainalysis reports that the group likely brought in at least $7 million. The firm says Lazarus became more sophisticated in 2019, and went to great lengths to achieve its relatively small take.

While the DragonEx hack was relatively small, it was notable for the lengths Lazarus Group went to in order to infiltrate the exchange’s systems in a sophisticated phishing attack. Lazarus created a fake company claiming to offer an automated cryptocurrency trading bot called Worldbit-bot, complete with a slick website and social media presence for made-up employees.

From there, the group even made up a fake software product that looked and felt much like what they were selling. The extent of the scam is impressive, especially considering how little they actually took compared with other hacks.

The software package is the key to the hack, as once it was downloaded, it installed malware on the victim’s computer. Chainalysis writes:

Lazarus Group hackers pitched a free trial of the software to DragonEx employees, eventually convincing someone to download it to a computer containing the private keys for the exchange’s wallets. From there, the hackers were able to make off with millions.

Increasingly Sophisticated Hackers

The firm says that Lazarus Group’s growing sophistication is a trend among hackers, and the speed with which they cash out their gains is another indicator.

Increasingly, exchanges are able to stop stolen funds from getting sold, but there are always the smaller exchanges that can’t respond fast enough. So a mass of BTC gets converted to Tether, and then the Tether gets moved somewhere else, where it can be converted to dollars, or something along those lines.

North Korea, as a country, is not very technologically advanced. They boast just one internet connection, provided by China, which is used by the government to get up to hijinks like stealing millions from crypto exchanges.

Nevertheless, North Korea has a massive army of hackers, all trained for the singular purpose of doing dirt in the name of the hermit kingdom.

The hackers must have done their homework. Chainalysis says the group’s creation of a front company, complete with a product, with the sole intention of duping exchange employees, “reveals the time and resources Lazarus has at its disposal, as well as the deep knowledge of the cryptocurrency ecosystem.”

Although the hackers may have had a clear understanding of what they were doing financially, it’s unlikely that they’re allowed to reap any of the rewards of their thievery. Instead, the money goes to the North Korean state, which no doubt desperately needs it.

North Korea has reportedly made around $2 billion altogether from hacking exchanges and other activities.
