    The Wallet Inspectors: The DPRK’s Sophisticated Campaign to Steal Cryptocurrency and How to Protect Yourself | Faegre Drinker Biddle & Reath LLP

    March 6, 2025 | 5 Mins Read


    On February 21, 2025, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a cyberattack resulting in the theft of approximately $1.5 billion in Ethereum (ETH) and related tokens. The attack marked a new high point in the criminal efforts of cyber actors tied to the Democratic People’s Republic of Korea (“North Korea” or the “DPRK”). In recent years, these actors have increasingly targeted the cryptocurrency industry, using sophisticated tactics to steal and launder digital assets that ultimately fund the North Korean government. These high-profile, high-dollar-value thefts underscore the ongoing risk from the DPRK cyber threat and the need for private sector actors to implement appropriate cybersecurity measures. The threat is particularly acute because most interactions with these actors also raise the risk of violating U.S. sanctions, with corresponding civil and criminal legal exposure.

    This blog post delves into the details of recent cybercriminal activity attributed to actors tied to North Korea, their impact on the cryptocurrency sector, and the steps organizations should consider to mitigate those risks.

    Bybit, TraderTraitor, and the DPRK Cyberthreat

    The Bybit theft has been attributed by the Federal Bureau of Investigation to the DPRK cyber actors using a series of malware-laced cryptocurrency applications known as “TraderTraitor.”  The theft was wildly successful:  the amount stolen nearly doubles the amount attributed to cybercrime by DPRK-affiliated actors in the entirety of 2024.

    These North Korean cyber actors are tracked across the cybersecurity community under names including Lazarus Group, APT38, BlueNoroff, and Stardust Chollima, and have been active for years. According to a 2022 Joint Cybersecurity Advisory from the U.S. government (AA22-108A, the “Joint Advisory”), these actors have targeted a variety of organizations associated with cryptocurrency, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, cryptocurrency trading companies, venture capital funds, and individual holders of large amounts of digital currency or non-fungible tokens (NFTs).

    Their methods often involve social engineering, phishing campaigns, and exploitation of software vulnerabilities to gain unauthorized access to digital assets. As explained in the same Joint Advisory, which includes substantial technical detail (including indicators of compromise) for cybersecurity practitioners, the actors use a multi-step process to achieve their criminal objective:

    • The campaign begins with spear-phishing messages targeting system administrators, software developers, and IT professionals. The messages are designed to look like employment recruiting efforts and encourage the targets to download a cryptocurrency application laced with malware (the “TraderTraitor applications”).
    • The TraderTraitor applications purport to be cryptocurrency trading or price-prediction tools, and the campaigns feature professionally designed websites and advertisements to make them appear legitimate.
    • Once downloaded and run by the target, the TraderTraitor applications typically deploy a remote access trojan (RAT) that can collect system information, execute commands, and download additional payloads.
    • With that foothold, the actors can steal private keys and other information that allows them to access and steal cryptocurrency.

    The Bybit hack also highlights the alarming speed and efficiency at which North Korean hackers have been able to launder stolen funds.  It has been reported that, within 48 hours of the hack, at least $160 million had been funneled through illicit channels, surpassing $400 million by February 26, 2025.  Security experts and law enforcement have observed that the rapid laundering process involves multiple intermediary wallets, conversion into different cryptocurrencies, and the use of decentralized exchanges, cross-chain bridges and cryptocurrency mixers to obfuscate the digital trail.

    The DPRK, Bounty Programs & Sanctions

    One of the more unusual issues with DPRK cybercrime is its interaction with the U.S. sanctions regime. The U.S. government’s North Korea Sanctions Program, primarily administered by the Office of Foreign Assets Control (OFAC), prohibits virtually all transactions with an individual or entity affiliated with the DPRK government absent a license. There are criminal penalties for willful violations of these sanctions, but even inadvertent violations create a risk of civil enforcement and significant financial penalties. In this context, U.S. persons who engage in cryptocurrency transactions with actors tied to the Lazarus Group and TraderTraitor risk violating U.S. sanctions whether or not they are aware of the DPRK connection.

    How to Mitigate Risk

    As recommended by experts including the FBI and CISA, the private sector should consider a number of steps to mitigate the risk of being targeted and successfully attacked by the DPRK:

    • Stay apprised of cybersecurity advisories from law enforcement and incorporate the information they provide, such as the list of Ethereum addresses the FBI released in connection with the Bybit hack, into your security program, for example by screening deposit and withdrawal counterparties against it.
    • Apply defense-in-depth security, including least-access models and network segmentation to prevent lateral movement.
    • Maintain a timely vulnerability and patch management program.
    • Enforce strong credential requirements and multi-factor authentication (MFA), preferring phishing-resistant methods where possible, since weaker MFA factors have been bypassed by sophisticated actors.
    • Train employees to recognize and reject social engineering techniques and phishing attempts, including unsolicited recruiting offers that come with a download.
    • Disable HTML in emails, scan email attachments, and monitor or restrict access to newly registered domains.
    • If you are hacked, be mindful of the additional risk of a potential sanctions violation and seek expert legal counsel to assist with both the incident mitigation efforts and strategic decisions surrounding any potential response to the threat actors.
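The address-screening step above is the one item in this list that is easy to get wrong in code, and the laundering pattern described earlier (funds split across intermediary wallets within hours) means a check against the published addresses alone catches only the first hop. The following Python is an added example, not code from the original post or from Faegre Drinker, the FBI, or Bybit. It normalizes addresses (published lists often use EIP-55 mixed case, which a naive string comparison against lowercase log data would miss), walks a transfer log forward from the listed addresses to compute hop distance, and screens a proposed deposit or withdrawal against both. Every address and transfer in it is a constructed placeholder, not a real FBI indicator; the transfer log format, the hop limit, and the function names are assumptions.

```python
"""Screen transaction counterparties against a published address list,
including indirect (multi-hop) exposure.

Added example; not from the original post. All addresses and transfers
below are constructed placeholders, not real FBI indicators.
"""
import re
from collections import defaultdict, deque

ADDR_RE = re.compile(r"^0x[0-9a-f]{40}$")


def normalize(addr: str) -> str:
    """Canonical form: trimmed, lowercase, validated 20-byte hex.

    Published lists often use EIP-55 mixed case while logs are lowercase;
    comparing without normalizing silently misses matches.
    """
    a = addr.strip().lower()
    if not ADDR_RE.match(a):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return a


def build_graph(transfers):
    """Directed graph of fund flow: sender -> set of receivers."""
    graph = defaultdict(set)
    for _tx_hash, src, dst, _amount in transfers:
        graph[normalize(src)].add(normalize(dst))
    return graph


def exposure(denylist, transfers, max_hops=3):
    """Breadth-first walk forward (in the direction funds moved) from every
    listed address. Returns {address: shortest hop distance}; listed
    addresses are at distance 0, their direct recipients at 1, and so on.
    """
    graph = build_graph(transfers)
    dist = {}
    queue = deque()
    for raw in denylist:
        a = normalize(raw)
        dist[a] = 0
        queue.append(a)
    while queue:
        cur = queue.popleft()
        if dist[cur] >= max_hops:
            continue
        for nxt in graph.get(cur, ()):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist


def screen(src, dst, dist):
    """Findings for a proposed transaction as (role, address, hops);
    an empty list means neither side has known exposure."""
    findings = []
    for role, addr in (("from", src), ("to", dst)):
        a = normalize(addr)
        if a in dist:
            findings.append((role, a, dist[a]))
    return findings


# --- Constructed sample data (placeholders, not real indicators) ---
LISTED_A = "0x" + "Aa" * 20  # EIP-55-style mixed case, as lists are often published
LISTED_B = "0x" + "b" * 40
HOP1 = "0x" + "c" * 40
HOP2 = "0x" + "d" * 40
HOP3 = "0x" + "e" * 40
CLEAN_1 = "0x" + "f" * 40
CLEAN_2 = "0x" + "1" * 40

DENYLIST = [LISTED_A, LISTED_B]

# (tx_hash, from, to, amount_eth): a peel chain out of LISTED_A plus one
# unrelated transfer. A real feed would come from a node or an analytics
# provider; this one is hand-built for the example.
TRANSFERS = [
    ("0x01", LISTED_A, HOP1, 1000.0),
    ("0x02", HOP1, HOP2, 999.0),
    ("0x03", HOP2, HOP3, 998.0),
    ("0x04", CLEAN_1, CLEAN_2, 5.0),
]

if __name__ == "__main__":
    dist = exposure(DENYLIST, TRANSFERS, max_hops=2)
    for src, dst in ((HOP2, CLEAN_2), (CLEAN_2, CLEAN_1), (CLEAN_2, LISTED_A)):
        print(f"{src[:10]}... -> {dst[:10]}...:", screen(src, dst, dist) or "clean")
```

Run as written, the three screened transactions come back as a two-hop exposure on the sender, clean, and a direct hit on the recipient (the mixed-case listed address, matched only because of the normalization step). Hop distance is a triage signal, not a sanctions determination: bridges and mixers break the on-chain trail, so production screening should rely on a blockchain analytics provider with cross-chain coverage and the current OFAC and FBI lists, and the question of whether a given counterparty is blocked belongs with counsel.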


