North Korea's crypto hacking efforts will intensify in 2023, Seoul warns.

 North Korea's crypto hacking efforts will intensify in 2023, Seoul warns.Source: Vchalup/Adobe

South of the DMZ, intelligence chiefs have warned that North Korea's crypto hacking campaigns will likely intensify in the coming year.


According to YTN, the South Korean National Intelligence Service (NIS) and private security providers have recently established a National Cybersecurity Cooperation Center. The center's mission will be to respond to North Korean cyber threats.

According to the NIS, the center is made up of "nine government agencies and five private IT security companies."

While the North has traditionally targeted South Korean crypto exchanges, the NIS claims that it is now shifting its focus to individuals. According to the NIS, it will also target the decentralized finance (DeFi) space.

According to the NIS, Pyongyang-based attackers will "focus on hacking DeFi services" in 2023 because these are in a regulatory "blind spot."

Pyongyang has been blamed for multiple attacks on South Korean cryptocurrency exchanges, according to Seoul. 
North Korean hackers stole $7 million from Bithumb in February 2017, according to Seoul. 
South Korea also claims Pyongyang effectively bankrupted Youbit in 2017, after stealing 17% of its crypto assets.

North Korea's crypto hacking efforts will intensify in 2023, Seoul warns. 2023

Since then, Seoul has regulated exchanges. It is now only issuing operating licenses to exchanges that can demonstrate advanced security protocols. Security experts previously stated that Southern exchanges operated with minimal security.

These were described as "low-hanging fruit" for experienced Pyongyang hackers. According to some experts, the North has developed a "elite" team of "cyber warriors."

According to Seoul, 'deep fake' attacks on cryptocurrency targets will begin in 2023.

The North has denied allegations that it hacks cryptocurrency, calling the claims made by the United States and South Korea "fabrications."

Pyongyang, the NIS warned, was developing advanced "deep fake" technology that could be used to deceive unsuspecting social media and internet users.

According to international security firms, the North Korean hacking group Lazarus is distributing a virus-infected Mycelium Wallet clone on various Telegram channels.

They also claim Lazarus runs a bogus cryptocurrency exchange called BloxHolder. According to experts, the latter includes pages and content stolen from the HaasOnline trading platform.