North Korean hackers, known for their involvement in some of the largest cryptocurrency attacks, have shifted their focus to US-based exchange-traded funds (ETFs) associated with Bitcoin and Ethereum, according to an FBI warning.
In a public service announcement released on September 3, the FBI alerted the public about cybercriminals from North Korea conducting extensive research on various targets connected to cryptocurrency ETFs over an extended period. The warning stated that this research included pre-operational preparations, suggesting that North Korean actors might attempt malicious cyber activities against companies linked to cryptocurrency ETFs or other cryptocurrency-related financial products.
The FBI reiterated that North Korean attackers utilize sophisticated techniques to steal funds and represent a persistent threat to companies holding substantial amounts of cryptocurrencies.
This warning from the FBI coincides with reports of a surge in attacks by North Korean hackers within the cryptocurrency domain. In September 2024, Benzinga reported a substantial increase in North Korean state-sponsored hacking activities aimed at stealing digital assets. The stolen funds reportedly doubled to $1.6 billion.
Funds lost to cryptocurrency heists nearly doubled year-over-year, climbing from $857 million to $1.58 billion by the end of July, with cybercriminals from North Korea being the primary perpetrators.
The UN Security Council’s panel of experts on North Korea reported in September 2023 that North Korean hackers had stolen an estimated $3 billion in cryptocurrencies since 2017. The notorious criminal syndicate, Lazarus Group, has been at the forefront of these attacks. They are suspected of laundering over $35 million from the infamous hack of Japanese cryptocurrency exchange DMM Bitcoin in May. Additionally, on-chain investigations pointed to the group’s involvement in stealing $230 million from Indian cryptocurrency exchange WazirX in July.
This latest warning highlights the vulnerability of cryptocurrency ETFs, particularly given that Coinbase serves as the custodian for a significant number of these funds. The reliance on a single custodian raises concerns about a potential single point of failure, making it a critical target for hackers.
