According to a new press report from South Korea’s National Intelligence Service (NIS), North Korean hackers have stolen more than 800 billion Korean won ($620 million) worth of cryptocurrencies from decentralized finance platforms, or DeFi, this year. In November, the agency also announced blocking an average of 1.18 million daily attacks from national and international hacking organizations. However, a NIS spokesperson revealed via local news outlet Kyunghyang Shinmun that in all, $620 million stolen by North Korean hackers through DeFi exploits took place abroad, adding: “In Korea, the virtual asset transactions became transactions changed with real name and security has been strengthened, so there is no harm.”
In 2021, South Korea introduced new know-your-customer (KYC) cryptocurrency trading rules requiring customers to open an account in their real name with the same bank as their cryptocurrency exchange to deposit or withdraw funds. The bank and the exchange must then verify the customer’s identity. Additionally, exchanges must obtain a license from the Financial Services Commission before they begin operations. North Korean hacking syndicates like Lazarus Group have been linked to several high-profile DeFi breaches this year, including the $100 million Harmony attack. Experts said such attacks are a means to generate foreign exchange reserves in the face of strict trade sanctions imposed by the international community.
The NIS also warned that North Korean cyberattacks would intensify over the next year:
“It is necessary to analyze the attacks as precisely as the defense. Because a hacking organization has all the information about the attack and does not forget it, it is necessary to collect information about the malicious code propagated by different attackers to find helpful information.