NEW YORK • A preliminary United Nations inquiry into the theft of US$281 million (S$372 million) worth of assets from a cryptocurrency exchange in September last year "strongly suggests" links to North Korea - with industry analysts pointing to KuCoin as the victim of one of the largest reported digital currency heists.
A confidential report by independent sanctions monitors to UN Security Council members said blockchain transactions related to the hack also appeared to be tied to another hack in October last year when US$23 million was stolen.
"Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK," the monitors wrote, using North Korea's official name, the Democratic People's Republic of Korea.
They accuse Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes to circumvent sanctions.
While the report did not name the victim, Seychelles-based digital currency exchange KuCoin reported the theft of US$281 million in bitcoin and various other tokens on Sept 25 last year.
"This must be the KuCoin hack," said Mr Frank van Weert, an analyst with Whale Alert, which tracks large cryptocurrency movements. "There were no other significant hacks in that period."
Industry experts said the hackers were trying to funnel the money through decentralised exchanges - which work by arranging individual-to-individual currency swaps - in a bid to bypass centrally managed trading platforms, many of which had quickly flagged the stolen money as illicit.
KuCoin has said it managed to recover more than 80 per cent of what was stolen in September thanks in part to other exchanges who froze the funds as they transited through their systems.
KuCoin chief executive Johnny Lyu also said the firm knew who the hackers were but that, at the request of law enforcement, it would make their identity public only "once the case is closed".
Mr Lyu last week said the hunt for the suspects was still in progress.
North Korea has generated an estimated US$2 billion using "widespread and increasingly sophisticated" cyber attacks to steal from banks and cryptocurrency exchanges, the monitors reported in 2019.
In their latest report, they said North Korea-linked hackers continued to target financial institutions and virtual currency houses last year.
The report also noted "a clear trend last year was that the DPRK cyber actors have been conducting attacks against defence industries around the globe".