This article is more than three months old

North Korean hackers eye Bitcoin, Ethereum ETFs, FBI warns

North Korean hackers eye Bitcoin, Ethereum ETFs, FBI warns
Markets
North Korean hackers are eyeing crypto ETFs. Credit: Andrés Tapia
  • North Korean hackers are eyeing crypto ETF issuers, according to the FBI.
  • The FBI has likely “identified a long list of potential targets,” a security researcher told DL News.

North Korean hackers have long targeted crypto companies due to the irreversibility of blockchain-based transactions. That’s because once crypto is in a hacker’s wallet, no bank or government can void an illegitimate transaction on a victim’s behalf.

Now, there are signs those hackers are eyeing bigger fish.

North Korean hackers have “conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI warned in its latest public service announcement, posted Tuesday.

“This research included pre-operational preparations suggesting North Korean actors may attempt malicious cyber activities against companies associated with cryptocurrency ETFs or other cryptocurrency-related financial products.”

ETF issuers should heed the FBI’s warning, according to Taylor Monahan, lead security researcher at crypto wallet provider MetaMask.

“If I were an ETF issuer (or even working at a company adjacent or brand affiliated with ETFs), I would definitely be reviewing my internal controls right now,” she told DL News.

“Identify single points of failure, ensure logging is on, revoke and rotate old or unused keys, and share this PSA with employees. Lazarus doesn’t mess around and they are very good at getting inside organisations,” she added, referring to the Lazarus Group, hackers that researchers believe to be affiliated with North Korea.

That’s because the FBI’s PSAs are a high-effort, low-reward endeavour.

Join the community to get our latest stories and updates

“Getting a PSA out to the public is a lot of work and requires a lot of people to coordinate and confirm the intel,” Monahan said.

PSAs are also a less effective method of warning at-risk businesses than directly contacting them, she added.

“This usually means that the FBI has identified a long list of potential targets, possibly a long list of unknown targets, and is thus willing to go through the effort of releasing a PSA with the hopes that doing so [would] front run a hack.”

Bitcoin ETFs made their debut in the US in January. Ethereum ETFs followed in July.

Bitcoin ETFs have been a resounding success so far, attracting about $50 billion through the first half of the year. The influx helped drive Bitcoin to an all-time high in March.

Ethereum ETFs, meanwhile, saw a relatively muted launch, with demand quickly drying up after a torrid start.

ETFs appeal to risk-averse investors as they provide exposure to the underlying asset without the hassle and risk of storing it themselves.

Investment banks Goldman Sachs and Morgan Stanley revealed in regulatory filings last month that they hold $600 million in Bitcoin between them in US spot Bitcoin ETFs.

Issuers include BlackRock, the world’s largest asset manager, along with other titans of finance, such as Fidelity and Franklin Templeton.

In 58 suspected cyber heists, North Korean hackers have stolen $3 billion worth of crypto assets in the last seven years, according to a 615-page report published by the United Nations Security Council earlier this year.

Much of that money has been used to finance the country’s nuclear weapons programme.

Hackers have proven adept at infiltrating crypto companies, using sophisticated social engineering schemes and fake job applications.

But they have plenty of experience targeting more traditional institutions as well, Monahan noted.

“Going after ETF issuers is certainly different than their recent DeFi/CeFi/CEX targets, but I’m not sure it’s necessarily an escalation,” she said, using terms for centralised finance and centralised crypto exchanges.

“Prior to crypto, these same hackers spent years successfully infiltrating banks around the globe and targeting the SWIFT system directly. They tend to follow the money and, today, ETF issuers have money.”

Aleks Gilbert is DL News’ New York-based DeFi correspondent. You can reach him at aleks@dlnews.com.