UN experts point finger at North Korea for US$281m cyber theft, KuCoin likely victim

Digital currency exchange KuCoin reported the theft of US$281 million in bitcoin and various other tokens on Sept 25.
Digital currency exchange KuCoin reported the theft of US$281 million in bitcoin and various other tokens on Sept 25.PHOTO: REUTERS

NEW YORK/WASHINGTON (REUTERS) - A preliminary United Nations inquiry into the theft of US$281 million (S$373 million) worth of assets from a cryptocurrency exchange last September "strongly suggests" links to North Korea - with industry analysts pointing to Seychelles-based KuCoin as the victim of one of the largest reported digital currency heists.

A confidential report by independent sanctions monitors to UN Security Council members said blockchain transactions related to the hack also appeared to be tied to a second hack last October when US$23 million was stolen.

"Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK," the monitors wrote, using North Korea's formal name, the Democratic People's Republic of Korea.

They accuse Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions.

While the report did not name the victim of the attack, digital currency exchange KuCoin reported the theft of US$281 million in bitcoin and various other tokens on Sept 25.

"This must be the KuCoin hack," said Frank van Weert, an analyst with Whale Alert - an Amsterdam-based group which tracks large cryptocurrency movements across the internet. "There were no other significant hacks during that period."

Attempts to reach KuCoin and its chief executive, Johnny Lyu, were not immediately successful.

Industry experts said the hackers were trying to funnel the money through decentralised exchanges - which work by arranging individual-to-individual currency swaps - in a bid to bypass centrally-managed trading platforms, many of which had quickly flagged the stolen money as illicit.

"According to sources familiar with both hacks, the attackers exploited 'defi' protocols - ie, smart contracts that facilitate automated transactions," the UN report said.

North Korea's UN mission in New York did not immediately respond to a request for comment on the report.

KuCoin has previously said that it managed to recover more than 80 per cent of the digital currency stolen in September thanks in part to the work of other exchanges who froze the funds as they transited through their respective systems.

CEO Lyu has also said that KuCoin had discovered who the hackers were but said that, at the request of law enforcement, it would only be making their identity public "once the case is closed."

In an update posted to Twitter last week, Lyu said that the hunt for the suspects was still in progress.

North Korea has generated an estimated US$2 billion using "widespread and increasingly sophisticated" cyberattacks to steal from banks and cryptocurrency exchanges, the monitors reported in 2019.

In their latest report, seen by Reuters on Monday, they said North Korea-linked hackers continued to target financial institutions and virtual currency houses in 2020.

"According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020" was approximately US$316.4 million, the report said.

North Korea has been subjected to UN sanctions since 2006.

They have been strengthened by the 15-member Security Council over the years.

The latest report by the UN sanctions monitors also noted"a clear trend in 2020 was that the DPRK cyber actors have been conducting attacks against defence industries around the globe."