Go to listing page

North Korean Attackers' Peculiar Interest in Cryptocurrency

North Korean Attackers' Peculiar Interest in Cryptocurrency
Threat actors associated with the North Korean regime are reportedly targeting cryptocurrency exchanges. So far, the attackers have stolen $1.7 billion worth of cryptocurrency from the exchanges in the last five years.

Why target cryptocurrency exchanges?

Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment and is collecting crypto funds via illegal activities.
  • In a classified report, the U.S. National Intelligence Service (DNI) discovered that North Korea was financing its important policies (e.g. nuclear and missile development) using cybercrime.
  • North Korea’s dependence on cybercrime is growing due to international sanctions limiting the amount of money that the regime can earn from their coal exports to $400 million annually.
  • According to the UN Security Council, the estimated fraudulent profits from cyber crimes (including stealing cryptocurrencies) have reached $2.3 billion. Moreover, almost all banks worldwide are being targeted by cyberattacks.
  • The nation-state actors are creating a crypto fund reserve for stolen cryptocurrency for later use instead of cashing out immediately, claimed the officials.

The Apple Zeus malware in action

The North Korea-associated cyberattacks have been using the Apple Zeus malware to steal cryptocurrency. 
  • The report suggests that numerous Apple Zeus versions have been used in attacks against entities in 30 countries, since at least 2018.
  • Between 2019 and November 2020, the attackers could steal $316.4 million in cryptocurrency.


Cryptocurrency is a very lucrative target among cybercriminals and that's why it is being targeted widely. Thus, cryptocurrency exchanges are suggested to use additional layers of security, such as 2FA, hardware wallets, and storing private keys offline.

Cyware Publisher