In this engaging discussion, Geoff White, an investigative journalist known for exposing North Korea's cyber warfare, joins John Wu, head of growth at Aztec Network. They dive into the chilling details of cryptocurrency heists, spotlighting the massive $75 million breach at NiceHash and the relentless tactics of North Korea's Lazarus Group. Geoff elaborates on the complexities of tracing stolen digital assets and the evolving risks in the crypto landscape, while John emphasizes the critical need for enhanced privacy measures in cryptocurrency transactions.
The rise of cryptocurrencies has led to an increase in cyber heists, with thieves targeting digital assets instead of physical ones.
The Lazarus Group, believed to be working on behalf of the North Korean government, was responsible for the NiceHash hack and subsequent cyber attacks on crypto companies.
North Korea uses stolen cryptocurrency to make international purchases, avoiding the need to repatriate the funds back to their home country.
Deep dives
The Rise of Cyber Heists
In the world of heist films, the traditional physical casino robberies depicted in movies like Ocean's 11 may be giving way to the realm of cyber heists. With the rise of cryptocurrencies, thieves are now targeting digital assets, and it's not visually stimulating to watch someone sitting at a computer transferring money. However, the potential for cyber heists in the future of cinema is intriguing, as art imitates life and cryptocurrency theft becomes more prevalent.
The NiceHash Hack
One notable cyber heist occurred in December 2017 when NiceHash, a popular Bitcoin mining pool, was hacked. The attackers infiltrated the company's network through a phishing email and gained access to NiceHash's Bitcoin wallet private keys, allowing them to drain millions of dollars' worth of Bitcoin. While it's uncertain exactly how much was stolen due to the volatile nature of Bitcoin's value, it was estimated to be around $75 million at the time. The incident highlighted the vulnerability of cryptocurrency exchanges to sophisticated cyber attacks.
North Korea's Crypto Heist Campaign
The investigation into the NiceHash hack led to the revelation that the Lazarus Group, believed to be working on behalf of the North Korean government, was responsible. This marked North Korea's foray into stealing cryptocurrencies. Subsequently, they targeted various crypto companies with sophisticated phishing attacks, using social engineering techniques to trick employees into downloading malicious software. The stolen cryptocurrencies were then laundered using techniques like peel chain laundering, where smaller amounts are gradually transferred to different wallets and exchanges to avoid detection. North Korea's increasing focus on cyber heists, alongside their previous history of bank robberies, demonstrates their relentless pursuit of cash and foreign currency.
North Korea's Use of Crypto Currency for International Purchases
North Korea utilizes crypto currency to make international purchases, avoiding the need to repatriate stolen funds back to North Korea. By leaving the stolen crypto currency in wallets around the world, North Korea can use it to buy goods and services in different countries without transferring the funds back to their home country.
Marine Chain and North Korea's Attempt at an ICO
Marine Chain, a crypto currency start-up supposedly based in Singapore, was actually a front operation by North Korea. Tony Walker, also known as Julian Kim, spearheaded the company's efforts to raise funds through an initial coin offering (ICO). Suspicion arose when Walker requested Jonathan from Kakong, a Singaporean individual involved with Marine Chain, to register the business in his name. Eventually, it was discovered that Marine Chain had connections to North Korea, leading to its sudden disappearance and the vanishing of Walker and Kim.
In this episode we interview journalist Geoff White to discuss some of the recent crypto currency heists that have been happening. Geoff has been tracking a certain group of thieves for some time and shares his knowledge of what he’s found.
Much of what we talk about in this episode has been published in Geoff’s new book The Lazarus Heist: From Hollywood to High Finance: Inside North Korea’s Global Cyber War (https://amzn.to/3mKf1qB).
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. axonius.com/darknet
Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
