Japanese Crypto Exchanges Targeted by North Korean Hackers

Exchange Hack Japan North Korea Security
Last updated:
Journalist
Journalist
Sead Fadilpašić
About Author

Sead specializes in writing factual and informative articles to help the public navigate the ever-changing world of crypto. He has extensive experience in the blockchain industry, where he has served...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more
Source: AdobeStock / Mieszko9

The notorious North Korean hacker group Lazarus is targeting Japanese cryptoasset companies, and some of these companies have already seen their cryptos be stolen, according to The JapanNews, citing the National Police Agency (NPA).

On Friday, the NPA released an alert, together with the Financial Services Agency and the National Center of Incident Readiness and Strategy for Cybersecurity, stating that there is a high chance that Japanese businesses have been targeted by Lazarus for several years now.

It was the subsequent investigation that led to Lazarus being identified as the group behind these targeted attacks. The investigation was led by the regional police across Japan in collaboration with the NPA’s special investigation unit on cyber-attacks established in April this year.

Japan has used a specific and rarely used method here, called “public attribution” – they came out with a name of a suspected attacker before making any moves such as an arrest. In these cases, they also announce the attackers’ purpose, means of attack, and any other relevant information. This method, per the news outlet, has been seen recently as an effective tool to deter attacks.

Katsuyuki Okamoto of the information security firm Trend Micro Inc. was quoted as saying,

“Lazarus initially targeted banks in various countries, but recently it has been aiming at cryptoassets that are managed more loosely. […] It’s important to engage in public attribution, as it will raise public awareness of the perpetrator’s tactics and prompt people to take measures.”

It is noted that overseas cyber criminals are difficult to identify but that it is still possible to do so through specific investigative methods, including an analysis of viruses and emails.

In the case of Lazarus, the report cited a senior NPA official who said that the group sent phishing emails to employees of the specific, targeted companies, in which they presented themselves as executives of cryptocurrency companies. Furthermore, they communicated with these employees via social media in order to infect their computers with malware.

This method seems to have worked on some companies, which reported the incidents to the police. However, the NPA has not disclosed individual domestic cases linked to Lazarus, said the report.

This would not be the first time the Cryptoverse has crossed paths with Lazarus, though. Just this year, the US Treasury Department sanctioned an Ethereum (ETH) address that it said received the coins stolen in the Ronin Bridge hack. The US Federal Bureau of Investigation (FBI) claimed that the North Korean group was behind this security breach, while the sanctions announcement stated that Lazarus was based in the Potonggang District of the North Korean capital Pyongyang.

The blockchain analytics firm Chainalysis said at the time that the crypto industry needed a greater “understanding of how [North Korea]-affiliated threat actors exploit crypto,” as well as “better security for DeFi protocols.”

North Korea has repeatedly denied that it seeks to hack crypto and has refuted accusations surrounding the Lazarus group, denying its existence altogether, as well as alleged individual members of the group that have been named by the FBI. Pyongyang also previously claimed that accusations of crypto theft were “the sort of fabrication that only the United States” was capable of “inventing” – calling the American government “kings” of hacking.

Meanwhile, The JapanNews cited “sources” who said that Lazarus was involved, among other cases, in the theft of some ¥6.7 billion ($45 million) in Bitcoin (BTC) and other cryptos from the Zaif crypto exchange in 2018, as well as ¥3.5 billion ($23.54 million) in XRP and other assets from Bitpoint Japan in 2019.

____

Learn more:
Prosecutors: Ethereum Foundation Knew About Virgil Griffith’s North Korea Intentions
North Korea ‘Funding Weapons Programs’ with Vast Cache of ‘Stolen Crypto’

N Korea Says It Doesn’t Hack Crypto, Calls the US the World’s ‘King of Hacking & Theft’
Tornado Cash Reportedly Tied to North Korean Hackers Lazarus Group

Japanese Crypto Exchanges to Enforce FATF’s Travel Rule Next Month
Stop Your Crypto Operations in Russia, Washington Tells Japanese Exchanges & Miners

More Articles

Altcoin News
Andreessen Horowitz Scales Back UK Operations Amid Trump’s Pro-Crypto Policy Push
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-01-25 11:28:20
Bitcoin News
Nasdaq Seeks In-Kind Creation and Redemption for BlackRock Spot Bitcoin ETF
Ruholamin Haqshanas
Ruholamin Haqshanas
2025-01-25 11:20:43
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors