North Korean hackers are targeting Upbit exchange’s customers in a phishing attack. According to East Security, a cybersecurity firm, the exchange’s users received phishing emails on May 28. The emails claimed that Upbit needed more user data for a sweepstakes payout. However, the emails came from another server, not Upbit’s.
Per East Security, the email had an attachment labeled as the documentation of the payout. While the attachment looked like a regular document file, it had malicious code. The group of hackers behind the attack designed the code to steal user data including private keys and login credentials. On top of this, the code also connected the victims’ computers to a command and control system. In so doing, it gave the hackers remote access to the victims’ computers.
The malicious file had password protection, which allowed it to bypass security restrictions with ease.
Hacking Group Leaves Signature Behind
Upon analyzing the tools that the hackers used in the attack, the cybersecurity firm suspected Kim Soo-ki, a North Korean hacking group. Reportedly, the group used the same strategy while attacking South Korean government entities. Apart from this, Kim Soo-ki is also the suspect behind targeting South Korean reporters earlier this year.
According to Mun Jong-hyun, the head of the ESRC Center at East Security,
"In analyzing attack tools and malicious codes used by hacker groups, there are unique characteristics we saw."
No Victims Have Come Out Yet
After the attack, the cybersecurity company noted that no victims had emerged yet. South Korea is one of the most profitable crypto markets in the world. The recent crypto rally, which saw BTC come close to hitting $9,000 for the first time in more than a year, has seen bad actors in the nascent industry resurface.
Mun added,
"As bitcoin prices rise, more and more customers are using exchanges. This means that the number of victims has increased, which means that the possibility of stealing passwords stored in the exchange has increased."
This news comes after Kaspersky warned that another North Korean hacker group has been targeting crypto exchanges. Known as Lazarus APT, the group carries out the attacks for financial gain. Per Kaspersky, the group updates its tricks and tactics regularly to bypass exchange firewalls.
Crypto hackers are coming up with new ways to keep their pockets full with each passing day. Earlier this month, Binance, a leading crypto exchange, disclosed that hackers withdrew 7,000 BTC from its wallets. This attack saw the exchange lose approximately $40 million worth of its crypto holdings.