North Korean hackers have allegedly attacked users of South Korean exchange UPbit with a clever phishing exploit.

According to data released by the security company East Security, the hacker attempted a cyberattack by sending a phishing e-mail on May 28. The subject of the mail suggested that UPbit needed more information regarding a fictional sweepstakes payout for tax purposes. The mail did not come from the exchange but from another server outside of South Korea.

The email contained a file claiming to contain documentation for the payout. According to East Security, running this file displayed what looked like a normal document while activating malicious code. The code would then send data about the user’s machine, as well as exchange logins, to the hackers and connect the machine to a command-and-control system for later remote access.


East Security believes that this cyber attack came from a North Korean hacking group.

“In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw,” said Mun Chong Hyun, head of the ESRC Center at East Security. He noted that these are similar to another attack called Operation Fake Striker that attacked Korean government agencies earlier this month.

The hackers also used the same techniques in January to target reporters, though this seems to be the first attack by the suspected group on a crypto firm.

“As bitcoin prices rise, more and more people are using exchanges. What this means to the hackers is that the number of targets has increased, and so have the chances of stealing cryptocurrencies stored in the exchanges,” said Mun Chong Hyun.

In a clever move, the hackers password-protected the malicious file with the word “UPBIT.” This means that traditional anti-virus tools would not be able to detect the malicious code.

“We have not heard of any reported damage,” noted Mun Chong Hyun. “In order to avoid cyber attacks, you should not install or click suspicious files or documents.”

Research by Park Geunmo at CoinDesk Korea.