A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target cryptocurrency companies, according to two sources familiar with the matter. The hackers broke into Louisville, Colorado-based JumpCloud in late June and used their access to the company’s systems to target its cryptocurrency clients to steal digital cash, the sources said. The attackers allegedly stole over $2 million in various crypto coins and tokens and nearly $400,000 worth of cryptocurrency hardware.
The attack on JumpCloud, first reported by cybersecurity news outlet Recorded Future, is one of the most significant to date targeting companies involved in the cryptocurrency industry. As a result, it could profoundly impact the growth of cryptocurrencies like Bitcoin and Ethereum. The hack is also a reminder of the heightened risk facing anyone working in the space, especially when dealing with financial services and blockchain companies.
According to the indictment, the three men hacked the victim to steal cryptocurrencies from its customers. Specifically, the men stole tokens associated with two different blockchain platforms and then transferred those tokens to exchanges. The indictment charges the trio with multiple crimes, including conspiracy to commit computer fraud and abuse, wire fraud, and bank fraud. The Justice Department seeks to seize the stolen cryptocurrencies and return them to the victim.
Cybersecurity experts have long linked the Lazarus hacking group to cyber heists on energy providers, but it has recently turned its attention to stealing money and cryptocurrency from blockchain and crypto organizations. The group is also suspected of stealing over $625 million from the Ronin Network, an Ethereum-based sidechain for popular play-to-earn games. It is believed to have collaborated with foreign nationals in each stage of the laundering process.
While researchers note that there’s a wide variety of uses for the stolen funds, the most troubling is that Pyongyang appears to be using the loot to help fund its nuclear weapons program. The government of the Democratic People’s Republic of Korea has been relying on criminal activities like cyber theft to finance its missile and nuclear programs for years and has vowed to step up the practice.
The Sky Mavis incident illustrates how far the country has escalated its hacking game. The hack was more significant than any previous attack by the North and eclipsed a similar breach at a Russian firm that paid out almost $1 billion in compensation. But Bob McMillan, a correspondent for Recorded Future, says that what’s most alarming is what the regime plans to do with this loot.