North Korea Employed a Fake Trading Bot on DragonEX Workers Author: Jimmy Aki Last Updated: 06 February 2020 Several reports from various organizations have revealed North Korea’s vested interest in cryptocurrencies and their ability to evade economic sanctions. Now, a new report is shedding even more light on how the country’s hackers are pilfering funds from cryptocurrency exchanges. Highlighting some of the exchange hacks that occurred in 2019, blockchain data analysis firm Chainalysis revealed in a new report that the Lazarus Group, a hacking group with close, established ties to Pyongyang, created a fake and compelling trading bot and offered it to workers at DragonEX. A Classic Phishing Attack According to the report, the hackers from the group went on to use the access gotten from this bot to steal about $7 million from DragonEX employees in March 2019, and although the amount is small compared to some of the other hacks that occurred throughout the past year, the report showed that the hackers did some major work to get that loot. The report showed that the hackers employed a sophisticated phishing attack, where they created a realistic and life-like website for a bogus company known as WFC Proof. To create legitimacy, they developed marketing material for it and even went as far as opening a social media page for it as well. Through the company, they marketed the Worldbit-bot, a trading bot program that was offered to employees on DragonEx. Like all malicious programs, the software looked like a legitimate trading bot, and was advertised as such. However, it contained malware which, upon installation on employees’ computers, collected the private keys to the Singapore-based exchange’s hot wallets and sent them to the hackers. North Korea’s Vested Interest in Crypto-Backed Financing The Lazarus Group is a famous hacker group, and so far, they’ve proved to be an important part of North Korea’s entire government funding plan. With heavy sanctions imposed by the United Nations and international community, the country has been put in a tight spot financially, as exports and other primary revenue generators have been cut off. Seeing no way to fund its arms program, the Kim Jong-un administration has resorted to stealing money from financial institutions across the world, and the Lazarus Group has been its primary enforcer. However, the group seems to have shifted its focus from traditional financial institutions to the crypto space in the past two years. Cryptocurrencies are unique as they can’t be controlled by any central authority, and their anonymous nature makes them a reliable and effective means of paying contractors and business partners who sell weapons and technical skills to the country. Last August, Reuters reported, citing a confidential report from the United Nations Security Council North Korea Sanctions Committee that proceeds from the group’s activities had eclipsed $2 billion- all of which have helped North Korea continue with its weapons development. As the report explained at the time, South Korea had been a particular target, with multiple institutions across the country losing money to Lazarus Group attacks. North Korea also held a blockchain and cryptocurrency conference late last year- one which landed Virgil Griffith, an Ethereum core developer- in legal trouble for attending without approval from the United States Treasury’s Office of Foreign Asset Control.