North Korea Is Targeting South Korea's Bitcoin Exchanges, Report Claims

Actors tied to the isolated nation have been involved in attacks on crypto exchanges in South Korea, a prominent U.S. cybersecurity firm said.

Sep 12, 2017 at 9:28 p.m. UTC
Updated Sep 13, 2021 at 6:55 a.m. UTC

North Korea, a pariah state widely believed to have been behind cyberattacks on financial institutions around the world, may also have tried to pilfer cryptocurrencies to get around sanctions.

Actors tied to the isolated nation have been involved in attacks on cryptocurrency exchanges in South Korea, FireEye, a prominent cybersecurity firm, said in a report today.

"Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds," Luke McNamara, a senior cyber threat intelligence analyst at FireEye, wrote in a blog post published Monday. "The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware ... linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016."

The claims come at a time when the communist nation's relations with the international community – never all that warm – have been particularly frosty.

On Tuesday, the UN Security Council unanimously approved new sanctions against North Korea a week after it conducted its sixth and largest nuclear test to date.

McNamara's post did not identify the three exchanges allegedly targeted or give any indication that the theft attempts were successful. An incident in April, in which wallets at the South Korean exchange Yapizon were compromised, cannot be clearly tied to North Korean actors, he wrote.

Cryptocurrency may be an appealing way for Pyongyang to skirt international financial controls, suggested McNamara, who is based in the Washington, D.C., area.

"If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi," McNamara wrote, adding:

"As the regulatory environment around cryptocurrencies is still emerging, some exchanges in different jurisdictions may have lax anti-money laundering controls easing this process and make the exchanges an attractive tactic for anyone seeking hard currency."

The Permanent Mission to the United Nations of the Democratic People's Republic of Korea did not immediately respond to a request for comment.


