North Korean hacking activity ceases after regulators implement KYC – Report

Intelligence officials that out of $620 million in crypto stolen by North Korean hackers this year, none were related to South Korea.

According to a new press report published by South Korea’s National Intelligence Service (NIS), North Korean hackers have stolen more than 800 billion Korean won ($620 million) worth of cryptocurrencies from decentralized finance, or DeFi, platforms this year. The agency also revealed it blocked a daily average of 1.18 million attacks perpetrated by national and international hacking organizations in November. 

However, a NIS spokesperson revealed via local news outlet Kyunghyang Shinmun that all of the $620 million stolen by North Korean hackers through DeFi exploits occurred overseas, adding: 

“In Korea, virtual asset transactions have been switched to real-name transactions and security has been strengthened, so there is no damage.”

Many funds have been lost in DeFi exploits this year. Source: Token Terminal

In 2021, South Korea implemented new know-your-customer (KYC) cryptocurrency trading rules requiring clients to create a real-name account with the same bank as their cryptocurrency exchange to deposit or withdraw funds. Both the bank and the exchange are then required to verify the client’s identity. In addition, exchanges must obtain a license from the Financial Services Commission before commencing operations.

North Korean hacker syndicates, such as Lazarus Group, have been linked to a number of high-profile DeFi breaches this year, such as the $100 million Harmony attack. Experts said that such attacks are a means of generating foreign currency reserves in the face of strict commercial sanctions imposed by the international community. The NIS also warned that North Korean cyber attacks would intensify next year:

“It is necessary to analyze attacks as closely as defenses. Because one hacker organization has all the attack information and does not forget it. It is necessary to gather information related to malicious code scattered by various attackers to find meaningful insights.”