A confidential report by independent sanctions monitors to U.N. Security Council members said blockchain transactions related to the hack also appeared to be tied to a second hack last October when $23 million was stolen.
“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the DPRK,” the monitors wrote, using North Korea’s formal name, the Democratic People’s Republic of Korea. They accuse Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.
While the report did not name the victim of the attack, digital currency exchange KuCoin reported the theft of $281 million in bitcoin and various other tokens on Sept. 25.
“This must be the KuCoin hack,” said Frank van Weert, an analyst with Whale Alert – an Amsterdam-based group which tracks large cryptocurrency movements across the internet. “There were no other significant hacks during that period.”
Attempts to reach KuCoin and its chief executive, Johnny Lyu, were not immediately successful.
Industry experts said the hackers were trying to funnel the money through decentralized exchanges - which work by arranging individual-to-individual currency swaps - in a bid to bypass centrally-managed trading platforms, many of which had quickly flagged the stolen money as illicit.
“According to sources familiar with both hacks, the attackers exploited ‘defi’ protocols — i.e., smart contracts that facilitate automated transactions,” the U.N. report said.
North Korea’s U.N. mission in New York did not immediately respond to a request for comment on the report.
KuCoin has previously said that it managed to recover more than 80 percent of the digital currency stolen in September thanks in part to the work of other exchanges who froze the funds as they transited through their respective systems.
CEO Lyu has also said that KuCoin had discovered who the hackers were but said that, at the request of law enforcement, it would only be making their identity public “once the case is closed.” In an update posted to Twitter last week, Lyu said that the hunt for the suspects was still in progress.
North Korea has generated an estimated $2 billion using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges, the monitors reported in 2019.
In their latest report, seen by Reuters on Monday, they said North Korea-linked hackers continued to target financial institutions and virtual currency houses in 2020. “According to one member state, the DPRK total theft of virtual assets, from 2019 to November 2020” was approximately $316.4 million, the report said.
North Korea has been subjected to U.N. sanctions since 2006. They have been strengthened by the 15-member Security Council over the years.
The latest report by the U.N. sanctions monitors also noted “a clear trend in 2020 was that the DPRK cyber actors have been conducting attacks against defense industries around the globe.” Reporting by Michelle Nichols and Raphael Satter; Editing by Mary Milliken and Grant McCool