Cybersecurity solutions provider Group-IB is about to release a report that implicates a North Korean hacking group in $571 million worth of cryptocurrency exchange hacks.
This is according to reporting by The Next Web, which says it has obtained a summary of the upcoming report. The state-sponsored hacking group, named "Lazarus," is based in North Korea and thought to be responsible for a number of attacks on major cryptocurrency exchanges since February 2017.
The $571 million, out of a total of $882 million that has been hacked from cryptocurrency exchanges, would make Lazarus the most profitable hacking group in the world. If correct, it would also mean that more money from cryptocurrency exchange thefts goes to North Korea than any other country.
Lazarus is suspected of one of the biggest cryptocurrency hacks to date, that of Coincheck in Japan in January 2018. Coincheck lost 523 million in NEM tokens, worth around $534 million.
The state-sponsored group was also reportedly involved in the hacks of South Korean exchanges Yapizon in April 2017, and the recent Bithumb hack in June 2018. Yapizon lost 3,816 BCH, worth $5.3 million, and Bithumb was hacked to the value of $32 million.
The Lazarus group has been active for a number of years and was previously presumed responsible for hacking Sony Pictures in 2014. Lazarus is suspected of creating and using malware that also attacks consumer and business systems.
Reports by Bleeping Computer in August 2018 said that Kaspersky Lab had found Lazarus using a Mac malware strain for the first time in a download of cryptocurrency trading software. Vitaly Kamluk of Kaspersky Lab commented at the time:
"The fact that they developed malware to infect macOS users in addition to Windows users and – most likely – even created an entirely fake software company and software product in order to be able to deliver this malware undetected by security solutions, means that they see potentially big profits in the whole operation, and we should definitely expect more such cases in the near future."
It's unclear as yet what evidence Group-IB has that Lazarus is responsible for $571 million worth of hacks. However, Lazarus has been widely cited in the hacks, with The Japan Times reporting in February that South Korea's national spy agency suspected the group of a number of these attacks but had no hard evidence.
Group-IB is a global group investigating high-tech crimes and online fraud using computer forensics. The full report, when released, will be its annual report on trends in cybercrime. The report is also set to reveal that 10 percent of funds raised in recent initial coin offerings (ICOs) have been stolen, and that cryptocurrency fraudsters are using new methods, like data theft and blackmail, to target investors.