“If the Internet is like a gun, cyberattacks are like atomic bombs.” – Kim Jong Il
“Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” – Kim Jong-un
"The real purpose of the DPRK’s cyber, military, policy, and political aggressiveness is ultimately to control and subdue its own population and retain power."
- Comprehensive timeline of North Korea sanctions with the events that triggered them: 1985-2021
- Tracking Internet Use Out of North Korea Reveal The Adaptable and Innovative Ruling Elite
- The All-Purpose Sword: North Korea’s Cyber Operations and Strategies (2019)
- North Korea's Crypto Hackers Are Paving the Road to Nuclear Armageddon
- Kim Jong Un is directly handling results of new COVID-19 hacking organization's work

- 2017 - Youbit aka Yapizon aka Coinbin - $5,300,000
- 2017 - Bithumb - $40,000,000
- 2017-May-12 Wannacry - $Unknown
- 2017-Jul-15 2017 Cryptojacking Incidents - $Unknown
- 2017-Sep-23 Coinis - $2,190,000
- 2017-Dec-06 NiceHash - $62,000,000
- 2018 - Marine Chain
- 2018-Mar-18 Cypherium - $8,500,000
- 2018-Apr-12 Coinsecure - $3,500,000
- 2018-Apr-19 E7 - $5,000,000
- 2018-Apr-21 Gate.io - $250,000,000
- 2018-May-29 Taylor ICO - $1,700,000
- 2018-Jun-09 Coinrail - $40,000,000
- 2018-Jun-16 G13 Theft - $275,000
- 2018-Jul-09 Bancor - $23,000,000
- 2018-Aug-07 BTC Markets - $3,500,000
- 2018-Aug-09 Klickl IDCM - $620,000
- 2018-Sep-01 Indodax - $24,900,000
- 2018-Sep-14 Zaif - $59,000,000
- 2018-Oct-20 Trade.io - $10,000,000
- 2018-Nov-04 Kryptono - $270,000
- 2019-Jan-14 Cryptopia - $16,000,000
- 2019-Mar-23 Etbox - $132,000
- 2019-Mar-24 DragonEx - $7,090,000
- 2019-Mar-25 Coinbene - $105,000,000
- 2019-Mar-26 BiKi - $12,300,000
- 2019-Jun-30 Bitcoin Norway (AlphaPoint) - $500,000
- 2019-Jul-01 CoinTiger - $272,000
- 2019-Sep-25 Algo Capital - $2,000,000
- 2019-Nov-27 Upbit - $48,500,000
- 2020 - BTC Changers - $Unknown
- 2020-Aug-07 New York Financial Services Company - $11,800,000
- 2020-Sep-07 Eterbase - $5,400,000
- 2020-Sep-26 Kucoin - $280,000,000
- 2020-Oct-06 CoinMetro - $740,000
- 2020-Nov-13 L2 Theft - $893,000
- 2020-Nov-13 Theft from Individual - $893,000
- 2020-Dec-14 Hugh Karp / Nexus Mutual - $8,000,000
- 2021-Apr-19 EasyFi Founder - $81,000,000
- 2021-May-12 990.1 BTC - $55,600,000
- 2021-May-17 FinNexus Admin Key Compromise - $7,000,000
- 2021-Jun-07 Fetch.ai - $2,600,000
- 2021-Jul-13 Tower Capital - $Unknown
- 2021-Jul-14 Bondly Finance - $5,900,000
- 2021-Aug-18 Liquid Global - $91,000,000
- 2021-Sep-25 SpookySwap LP - $Unknown
- 2021-Oct-08 mngr - $18,000,000
- 2021-Oct-28 Metaplay - $Unknown
- 2021-Nov-01 YFEthereum (YFETH) Admin Key - $200,000
- 2021-Nov-03 bZx - $55,000,000
- 2022-Mar-22 Arthur_0x - $1,600,000
- 2022-Apr-14 Ronin Bridge - $625,000,000
- 2022-Jun-24 Harmony Horizon Bridge - $100,000,000
- 2022-Aug-05 deBridge (Attempt) - $0
- 2023-Apr-10 Terraport - $3,900,000
- 2023-Apr-20 3CX - $0
- 2023-Jun-03 Atomic Wallet - $115,000,000
- 2023-Jul-20 Jumpcloud - $0
- 2023-Jul-22 Alphapo + Coinspaid - $97,000,000
- 2023-Aug-07 Steadefi - $1,140,000
- 2023-Aug-16 C8 Theft - $1,620,000
- 2023-Sep-04 Stake.com - $41,000,000
- 2023-Sep-12 CoinEx - $54,000,000
- 2023-Oct-17 Fantom Foundation - $7,624,588
- 2023-Oct-26 M7 Theft - $19,000,000
- 2023-Nov-10 Poloniex - $125,000,000
- 2023-Nov-14 Uno Re DAO - $219,000
- 2023-Nov-22 HTX Heco - $100,000,000

- 2023: > $565,503,588
- 2022: $1,650,000,000
- 2021: $428,800,000
- 2020: $300,000,000
- 2019: $271,000,000
- 2018: $522,000,000
- 2017: $30,000,000
- 2016: $1,500,000
- Total: $3.2 Billion

https://www.chainalysis.com/blog/2022-biggest-year-ever-for-crypto-hacking/

- 2007 CHRG 109shrg28241
- 2014-02-01 KEI aps mansourov
- 2014-12-01 HPSR Security Briefing: North Korea
- 2015-12-16 CSIS: North Koreas Cyber Operations
- 2016-08-09 Korean Special Asymmetric Paramilitary Forces
- 2017-04-03 Kaspersky: Lazarus Under The Hood PDF final
- 2017-05-30 GroupIB: Lazarus Arisen
- 2017-08-01 US Army: North Korean Cyber Support
- 2018-01-01 CRS R44912
- 2018-06-08 USA v PARK JIN HYOK ⭐
- 2018-10-01 North Korea CEEW
- 2019-01-29 ATA SFR SSCI
- 2019-08-30 UN: Security Report S/2019/691
- 2019 North Koreas Cyber Threat: The All Purpose Sword
- 2020-01-01 Recorded Future: Internet
- 2020-02-01 North Korea Cyber Operations
- 2020-02-05 USA v FTB
- 2020-03-02 USA v 113 (Yinyin) ⭐
- 2020-06-01 CryptoCore Group
- 2020-06-25 USA v Abbas
- 2020-07-01 ATP7 100
- 2020-08-27 USA v 280 Virtual Currency Accts ⭐
- 2020-11-17 USA v Ghaleb Alaumary
- 2020-11-17 USA v Ghaleb Alaumary
- 2020-12-08 USA v JON CHANG HYOK PARK JIN HYOK ⭐
- 2021-01-01 North Korea Military Power
- 2021-03-01 North Korea IB
- 2021-03-04 UN Security Council S/2021/211
- 2021-04-09 ATA 2021 Unclassified Report
- 2021-09-02 North Korean Cyberattacks
- 2022-03-01 UN: Security Report N2225209
- 2022-05-16 OFAC IT Workers Advisory
- 2023-03-04 Mandiant: APT43 Report
- 2023-03-07 UN Security Report N2303794
- 2023-04-18 USA v Sim Hyon Sop 00129 ⭐
- 2023-04-18 USA v Sim Hyon Sop 00128 ⭐
- 2023-06-05 SEC v Binance
- 2023-06-22 Recorded Future NK Cyber Strategy
- 2023-10-18 USA IT Workers 1134350 redacted ⭐
- 2023-10-18 USA IT Workers 12 domain names redacted
- 2023-10-18 USA IT Workers 397674 redacted
- 2023-10-18 USA IT Workers 5 domain names redacted
- 2023-11-01 USA v Binance
- 2023-11-20 FinCEN Binance Consent Order
- 2023-11-23 Kim Jong Un New Maybach
- 2023-11-30 Recorded Future Crypto Country

- Chosun Expo
- Sony Pictures Entertainment
- Mammoth Screen
- AMC Pictures
- WannaCry
- Lockheed Martin
- Bangladesh Bank
- Philippine Bank

https://oxtresearch.com/the-north-korean-connection/ (corrections to some of this below)

- Exchange 1 = Gate.io Hack 10k BTC, $230m total - April 21, 2018
- Exchange 2 = Youbit = "17% Assets"
- Exchange 3 = Upbit = 342,000 ETH - November 27, 2019
- Exchange 4 = Coinrail = $40m - Summer 2018

- VCE 1 HitBTC/Changelly DP 63-64
- VCE 2 KuCoin DP 112
- VCE 3 Bittrex DP 50-52
- VCE 4 Yobit DP 92-111
- VCE 5 Huobi DP 65-70
- VCE 6 CoinCola DP 55-62
- VCE 7 Paxful DP 83-84
- VCE 8 LocalBitcoin DP 71-80
- VCE 9 P2Pb2b DP 113
- VCE 10 Binance DP 44-49
- VCE 11 Poloniex DP 85-90
- VCE 12 Unknown DP 53-54

- Sony Pictures Entertainment Inc. (“Sony Pictures”)
- AMC Theatres
- Mammoth Screen, a United Kingdom television production company
- “African Bank” - a bank headquartered in a country in Africa
- Bangladesh Bank, the central bank of Bangladesh, was headquartered in Dhaka, Bangladesh
- Banco Nacional De Comercio Exterior aka “Bancomext” a Mexican state-owned bank headquartered in Mexico City, Mexico
- “Maltese Bank” - a bank headquartered in Malta
- BankIslami Pakistan Limited aka “BankIslami” - a bank headquartered in Karachi, Pakistan
- “New York Financial Services Company” - a financial services company headquartered in New York, New York
- Polish Financial Supervision Authority - the financial regulatory authority for Poland, and was based in Warsaw, Poland
- “Philippine Bank” - a bank headquartered in Makati, Philippines
- Far Eastern International Bank - a bank headquartered in Taipei, Taiwan
- “Vietnamese Bank” - a bank headquartered in Hanoi, Vietnam
- “Indonesian Cryptocurrency Company” = Indodax (probably) - a cryptocurrency exchange based in Jakarta, Indonesia
- “South Korean Cryptocurrency Company” - a cryptocurrency exchange based in the Republic of Korea
- “Slovenian Cryptocurrency Company” (NiceHash) - a crypto-mining company headquartered in Ljubljana, Slovenia
- “Central American Online Casino 1” - an online casino business headquartered in a Central American country
- “Central American Online Casino 2” - an online casino business headquartered in a Central American country

- Exchange 2 = Upbit (Victim) = "On November 27, 2019 342,000 ETH was stolen from Exchange 2."
- Exchange 3 = CoinTiger (Victim) = "On July 1, 2019, 400m PTT Tokens were stolen"
- Exchange 4 = HitBTC (Laundry) = "All deposit activity for Target Actor 1’s account at Exchange 4 occurred on or about July 1, 2019, the same day as the theft from Exchange 3. The PXG and IHT deposits (17,829,785 PXG @ 2019-07-01 8:42 + 137,793 IHT @ 2019-07-01 13:22) came directly from the theft at Exchange 3."
- Exchange 5 = BiKi (Laundry) = "1BHnp77MqZGGFaCGQ9J4GhLstPUeBshVcc also received approximately 15 BTC from accounts at Exchange 3 (CoinTiger), Exchange 5 (BiKi), and Exchange 6 (Huobi)."
- Exchange 6 = Huobi (Laundry) = "The 4,342,294.43 Yee (“YEE”), 171,145.04 All Sports Coin (“SOC”), 71,237.03 StatusNetworks (“SNT”), and 23,300.29 Cortex Coin (“CTXC”) stolen from CoinTiger were deposited to an account at Exchange 6 on or about July 2, 2019 at 10:29, 22:32, 10:42, and 07:13 respectively." - 0x1016b7835d409692e02ed2035e053fbfb4602982
- Exchange 7 = KuCoin (Laundry) - "0x2dbc0f6b71e341c7eca01c5287eb57af3038a9c5 also received approximately 41,702 USDT from an account at Exchange 7” via 14 transactions between August 12, 2019 and August 14, 2019." - e.g. txn 0xa690bf67b9347ac0ca155a473df26d91b20a62acc63546863dae0b1418c11782
- Exchange 8 = Switchain (Laundry) - "0x2dbc0f6b71e341c7eca01c5287eb57af3038a9c5 sent the USDT to Exchange 8, converted to BTC, and withdrawn to 1BHnp77MqZGGFaCGQ9J4GhLstPUeBshVcc." "On or about December 20, 2019, Exchange 8 received approximately 8.65658 ETH that was converted to 0.15012721 BTC" e.g. txn bf4f4c33fb1613524ad72cd082adb42d1816b1aef8907ce30b73bf9b78078c94
- Exchange 9 = Changelly? (Laundry) - In December 2019, Target Actor 1 attempted to convert ETH to BTC through a cryptocurrency trading platform “Exchange 9” which was designed to enable the transfer of one form of cryptocurrency in exchange for another. The stolen REP in 0x2DBC0f6B71e341C7Eca01c5287Eb57AF3038A9c5 was then sent to Exchange 9, converted to BTC, and also withdrawn to cluster 1BHnp. The funds associated with Order ID 6918d31f-097c-4afe-8d06-054dd38a34ac are currently frozen at Exchange 9, pursuant to their own internal policies.
- Exchange 10 = Algo Capital (Victim) = "U.S. Algorand crypto company hacked on September 25, 2019" - Defendant Property 25–130
- Exchange 11 = Binance (Laundry) - "The photos submitted to Exchange 11 were likely stolen during the 2018 hack of a U.S.-based CEX where IDT Victim 1 was a customer."
- Exchange 12 = Unknown - "Algo Capital's Binance Account also sent approximately 2.0285 BTC to an account at Exchange 12."

- https://docs.google.com/spreadsheets/d/1Uh-kQPRhR0GzDMFhrYtU6rrYBWmcMBcQUDI40CtWcAQ/edit?usp=sharing
- https://docs.google.com/spreadsheets/d/1ZEEAmXjpN8kL9BvITg9GKu-dbeUra6c14YLpLkCp5Zo/edit?usp=sharing

no real purpose. i like rabbitholes, i'm weird. i've followed lazarus for a long, long time

i had multiple irl friends back in the day who worked at sony. now i have had multiple friends, founders, builders, users who have been rekt by these same fools, grown up

if you read about all the hacks and phishing campaigns in crypto, youre basically reading about lazarus, even if you dont know it

realizing there's guys on the other side of the world watching you...who likely know your product and codebase better than some of your own team members...guys who come from such a fundamentally different place than you do with regards to experience, ideology, motivation, and desires...and want to steal all your crypto...it's a lot

thus, i dive into my rabbithole for comfort. 🕳️🐇

gl.