North Korea's most powerful weapon in cyber warfare

It is considered the world's most effective hacker group: North Korea's shadow army Lazarus. They are responsible for dozens of cyber attacks - and billions in crypto money.

Among film industry scandals, "The Interview" is an exotic. No public mud-slinging, no disputes over shootings, not even intimate scenes. Instead, it has a plot with political explosives: the comedy, released in 2014, is about the plot to assassinate Kim Jong-Un. After North Korea's attempts to prevent the film's release through diplomatic channels failed, and at least some cinemas dared to show the film, a retaliation followed: a massive cyber attack on Sony Pictures - the first public attack on Lazarus. Since then, the North Korean hacker army has increasingly specialized in the crypto sector, which so far has offered little resistance.

Fear and terror in the crypto sector

The list of cryptoprotocols robbed of millions by Lazarus grows longer every year. Extremely lucrative last year was the attack on the Ronin Bridge, an interface between the Ethereum Blockchain and the NFT game Axie Infinity. More than $600 million in crypto assets was stolen. On-chain traces led to wallets linked to Lazarus.

The specter continues to haunt the crypto sector this year. As the series of attacks on crypto payment service provider Coinspaid showed, hackers are becoming increasingly insidious. For six months, the company was harassed with cyberattacks, mostly manipulating employees with psychological tactics known as social engineering. In early September, another case was revealed with the cryptocasino Stake.com. Lazarus also becomes suspected to be behind attack on crypto exchange Coinex. The three damage amounts combined: about $130 million.

DeFi: the money is on the street

The pros know how to abuse the vulnerabilities of smart contracts. Only already last year, Lazarus stole $1.7 billion in cryptocurrencies. Money that the United Nations says is being used to fund nuclear weapons programs. The industry must face this accusation: The sometimes negligent security measures make it unnecessarily easy for the North Korean regime to fill its coffers.

"Given that most victims of hacking are DeFi protocols, these developers need to prioritize prevention," warns Erin Plante, vice president of investigations at blockchain security firm Chainalysis. A key step: "extremely rigorous code audits" - protocols should be meticulously tested before juggling money. The goal should be a "gold standard," "the strongest and most secure smart contracts" can then "serve as templates for developers," says the blockchain expert.

Workers increasingly in the picture

Incidents like Coinspaid show that employees are increasingly being targeted. Erin Plante therefore advises more vigilance. Companies should upgrade, "invest in strong security strategies and tools, and train their employees to recognize suspicious communications."

Hackers often gain access through fraudulent emails called phishing. With this background, it is "very important to ensure that all employees of a company are vigilant and strengthen the technical aspect of cyber defense."

Cat and mouse

The crypto playground has so far been grazed extremely profitably by Lazarus. But according to Erin Plante, with "growing expertise of law enforcement in tracking funds," "more and more successful stolen funds have been frozen and seized." Meanwhile, funds stolen in the Axie Infinity hack are also frozen. The faster one responds, the greater the chances of success, says the expert: "Time is of the essence, quick action can prevent hackers from paying out their stolen money."

Even if the cards are dealt unevenly: Investigative agencies are not without a chance. By banning cryptomixers that anonymize transaction paths, thus facilitating money laundering, authorities such as the U.S. Treasury Department are trying to limit the damage. Lazarus reportedly laundered several hundred million US dollars through the mixing service Tornado Cash, which has since been shut down in the US. Tracking stolen money also makes it harder for Lazarus to access cryptocurrencies than it was a few years ago.

Who is Lazarus?

Little is still known about Lazarus. Not only is the number of members unclear - Erin Plante could not provide an estimate - but also how homogeneous the group, also known as Guardians of Peace, APT 38 or Hidden Cobra, is. What is undisputed is that the hacker collective works at the behest of the North Korean regime. Experts estimate that Lazarus may well be the largest hacker group in the world.