North Korea Is Targeting South Korea's Bitcoin Exchanges, Report Claims

Actors tied to the isolated nation have been involved in attacks on crypto exchanges in South Korea, a prominent U.S.cybersecurity firm said.

AccessTimeIconSep 12, 2017 at 9:28 p.m. UTC
Updated Sep 13, 2021 at 6:55 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

North Korea, a pariah state widely believed to have been behind cyberattacks on financial institutions around the world, may also have tried to pilfer cryptocurrencies to get around sanctions.

Actors tied to the isolated nation have been involved in attacks on cryptocurrency exchanges in South Korea, FireEye, a prominent cybersecurity firm, said in a report today.

"Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds," Luke McNamara, a senior cyber threat intelligence analyst at FireEye, wrote in a blog post published Monday. "The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware ... linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016."

The claims come at a time when the communist nation's relations with the international community – never all that warm – have been particularly frosty.

On Tuesday, the UN Security Council unanimously approved new sanctions against North Korea a week after it conducted its sixth and largest nuclear test to date.

McNamara's post did not identify the three exchanges allegedly targeted or give any indication that the theft attempts were successful. An incident in April, in which wallets at the South Korean exchange Yapizon were compromised, cannot be clearly tied to North Korean actors, he wrote.

Cryptocurrency may be an appealing way for Pyongyang to skirt international financial controls, suggested McNamara, who is based in the Washington, D.C., area.

"If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi," McNamara wrote, adding:

"As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency."

The Permanent Mission to the United Nations of the Democratic People's Republic of Korea did not immediately respond to a request for comment.

North Korea image by Shutterstock.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.