This week, US authorities linked North Korean hackers to the landmark $625 million Axie Infinity crypto scam, and the massive hack signifies the rise of a new kind of national security threat, according to a blockchain expert.
The US Treasury Department added an Ethereum wallet address to its sanctions list after the wallet facilitated transfers of more than $86 million of the stolen funds.
Hacking teams Lazarus and APT38, both linked to North Korea, were behind the theft, the FBI said in a statement, and the funds are generating revenue for the Kim Jong Un regime.
Ari Redbord, head of legal and government affairs at blockchain research firm TRM, says the attack shows that even a nation as isolated as North Korea can engage in new-age cyber warfare.
“In recent years, North Korea has carried out many attacks,” Redbord told Cryptobtcbrowser. “But the magnitude of this shows that things have gone from small exploits to real national security concerns. It’s staggering: a bank robbery at the speed of the internet.”
For years, North Korean actors have been responsible for cyberattacks, including a high-profile hit against Sony in 2014. But groups like Lazarus have become increasingly sophisticated and ambitious.
Meanwhile, companies within the nascent crypto industry are still finding their footing when it comes to cybersecurity, leaving them vulnerable to hacking groups constantly refining their tactics.
“North Korea realized that an attack on an online retailer was one thing, but going after cryptocurrency exchanges is a more effective way to fund destabilizing activities at very little cost to them,” Redbord added.
The country was an early adopter of cryptocurrency money laundering, he added, and there are no signs of bad actors curtailing their efforts as it has been shown to be extremely profitable.
Additionally, Redbord noted that social engineering attacks, such as the Axie Infinity infiltration, are becoming more advanced.
These hacks are not a consequence of simple, mass-phishing emails, he stated, but nuanced and targeted attacks on specific individuals.
The new digital battlefield
Although North Korea has an extremely small economy and limited infrastructure, it has shown that it can engage in cyber warfare on a scale similar to global superpowers like the US and China.
The Axie Infinity hack in particular reinforced Redbord’s belief that the scale of digital attacks is increasing at such a rate that a new kind of war is emerging.
“Over the last year, we’ve moved from a post-9/11 world to a new digital battlefield,” Redbord said. “Nation-state actors know they need to go after crypto companies to finance the proliferation of real weapons, they are not just some hackers trying to finance a lifestyle.”
North Korea’s use of the Lazarus cluster confirms that the country’s isolated status and lack of modern infrastructure do not prevent it from engaging in cyber warfare on the world stage, Redbord explained.
The crypto industry is an excellent target for these attacks due to the volume of transactions and funds moving every day, but also because companies are not fully mature and may still be developing their own cyber security protocols.
Unfortunately, this means that many companies often don’t have the most up-to-date security measures in place, Redbord added.
“It all comes down to strengthening cyber defenses. We are still in a world where these companies are learning how to protect themselves, and now we have seen a small group responsible for the largest hack in crypto.” he said. “If there was ever any doubt that the hacks weren’t tied to national.