UpBit Exchange Phishing Email Scam Came From North Korea, Source Claims

Published at: May 31, 2019

Hackers from North Korea were behind a phishing scam targeting users of South Korean cryptocurrency exchange UpBit, Korean-language cryptocurrency news outlet CoinDesk Korea reported on May 29.

According to findings by local cybersecurity firm East Security, the scam came in the form of an email sent to UpBit users requesting account information.

The pretence was a fake giveaway, with the emails also containing a file called “Event Winner Personal Information Collection and Usage Agreement.hwp,” which would run malicious code when opened.

UpBit had alerted traders a day before, warning anyone receiving an email from the address “[email protected]” to discard it.

“Please note that this mail is not an email sent from UpBit,” a rough translation of a statement released at the time reads. It continues:

“If you receive an email with an attachment with a similar title that impersonates UpBit in future, please do not download the file attached to the email and delete the email immediately.”

According to East Security, the emails were the work of North Korean hacker group Kim Soo-Ki.

As Cointelegraph reported, North Korea continues to target the cryptocurrency industry worldwide, with United States FBI officials this week claiming such activity was a direct response to sanctions placed on its economy.

“Sanctions are having an economic impact, so cyber operations are a means to make money, whether it’s through cryptocurrency mining or bank theft,” a senior FBI official warned.

UpBit is South Korea’s largest cryptocurrency exchange, and the only one out of the country’s top five platforms to record an overall profit during the 2018 bear market.

Tags
Related Posts
Report: North Korean Hackers Created Realistic Trading Bot to Steal Money
The North Korean hacking team Lazarus Group targeted several crypto exchanges last year, Chainalysis reports. One of the attacks involved the creation of a fake, but realistic trading bot website that was offered to employees of DragonEx exchange. In March 2019 the hackers stole approximately $7 million in various cryptocurrencies from Singapore-based DragonEx exchange. Though a relatively small sum, the hackers went to great lengths to obtain it. The group used a sophisticated phishing attack where they created a realistic website and social media presence for a fake company named WFC Proof. The supposed company had created Worldbit-bot, a trading …
Cryptocurrency Exchange / Feb. 5, 2020
North Korea Stole $2 Billion in Cryptocurrency From Exchanges, Says UN
North Korea has netted around $2 billion by hacking banks and cryptocurrency exchanges, according to the United Nations. UN: Hacked crypto funds weapons of mass destruction In a confidential report acquired by mainstream media outlets including Reuters on Aug. 5, the U.N. Security Council North Korea sanctions committee said that hackers formed an essential part of government funding. “Democratic People’s Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programs, with total proceeds to date estimated at up to two billion US dollars,” Reuters quoted …
Cryptocurrency Exchange / Aug. 6, 2019
Report: Record-Breaking Coincheck Hack Perpetrated by Virus Tied to Russian Hackers
The personal computers of employees at hacked Japanese crypto exchange Coincheck have allegedly been found to have been infected by a virus associated with a hacker group of Russian origin. The allegation was reported by Cointelegraph Japan on June 16. As Cointelegraph has reported, in January 2018, Coincheck suffered an industry record-breaking hack when $534 million worth of NEM was stolen from its wallets. Cointelegraph Japan cites a report from Japanese media agency Asahi Shimbun, which claims that fresh research has cast doubt on prior assumptions that the high-profile hack had been perpetrated by attackers with a North Korean connection. …
Cryptocurrency Exchange / June 17, 2019
Korean Ministry Launches Probe Into Causes of Bithumb Crypto Exchange Hack
The South Korean Ministry of Science and Technology (MIC) has launched an investigation into the theft of $30 mln from the world’s sixth largest crypto exchange Bithumb, Yonhap News reports Wednesday, June 20. Bithumb, which is the leading crypto exchange in South Korea, temporarily suspended all deposits and payments on the exchange as soon as it had detected the theft. According to Yonhap, the Ministry has said that as soon as it reported the Bithumb hack, the Korea Internet & Security Agency (KISA) joined an urgent investigation into the case. The Ministry now plans to analyze the causes of the …
Cryptocurrency Exchange / June 20, 2018
World’s Sixth Largest Crypto Exchange Bithumb Hacked, Loses $30 Mln
Hackers have stolen cryptocurrencies worth $30 million from South Korea's leading virtual currency exchange Bithumb, Cointelegraph Japan reported June 19. As a result all deposits and payments have been temporarily suspended. *All deposit and withdrawal service will be stopped to make sure the security. We will keep notice you of the restart of the service. We apologize for your inconvenience and thanks for your understanding. — Bithumb (@BithumbOfficial) June 20, 2018 The exchange states it will compensate users affected by the hack, and that all assets are being moved to a cold wallet: “[Notice for the suspension of all deposit …
Bitcoin / June 20, 2018