Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:02):
This is Bloomberg Crypto, a daily Bloomberg iHeart podcast,
and I'm Stacy Marie Ishmael, Managing editor of Crypto for
Bloomberg News. It's Thursday, February twenty third. Want to hear
(00:26):
a big number? How about three point eight billion with
a b. Yep, that's the amount of crypto that hackers
managed to steal last year, and it's a new
record. The company behind that number, Chainalysis, also found
that one specific hacking group was responsible for a huge
chunk of that stolen crypto. If you guessed that the
(00:48):
hacking group was Lazarus and you know that they're connected
to North Korea, congratulations, you're probably a regular listener of
this podcast. Lazarus allegedly stole one point seven billion dollars
in twenty twenty two, which compares with less than half
a billion dollars the year before. This further solidifies the
notion that North Korean hackers are seeing the cryptocurrency sector
(01:10):
as a way to raise funds and revenue in the
face of international sanctions. Now, what does all of this
mean for the crypto markets and what does it mean
for you, if you hold crypto? Can anything be
done to prevent these kinds of hacks from happening? Joining
me now is Bloomberg reporter Jeff Stone with more. Jeff,
(01:38):
welcome back to the podcast. Thank you for having me.
We are once again going to talk about hackers.
I love it. That's what I'm here for. Happy to
do it. I continue to be fascinated by the fact
that the North Koreans in particular seem to have emerged
as the most profitable hackers in the entire world. Is
(02:00):
that a fair assessment? I think so. It's a difficult
thing to quantify candidly, but in very broad terms. If
you think about the big nation state hacking groups, North
Korea is singularly focused on generating revenue for Pyongyang. We
know that they're under intense international sanctions, so raising money
(02:24):
via hacking is a key part of their existence. Really,
whereas like a Chinese hacking group might be more focused
on stealing intellectual property, for instance. We know that Russia
has been involved in all kinds of political stuff as
well as just different kinds of mayhem, but that's really
North Korean hackers' singular focus. You know, you recently
published a story about the fact that crypto hacks in general, right,
(02:49):
so anything that you could mention, and this is based
on a report by Chainalysis, had reached nearly four
billion dollars in twenty twenty two, which was an increase
from the year before when it was about three point
three billion dollars. But the thing again that blew me
away was how much of that was directly attributable to
this one particular North Korean group. Me too, I mean,
(03:11):
that was the biggest surprise, you know. I think everyone,
probably all your listeners spent a lot of last year
reading about different hacks and major hundreds of millions of
dollars worth of theft in cryptocurrency. It's pretty staggering to
think about almost half of that, half of that three
point eight billion being the work of North Koreans and
then the rest being various other parties. I think a
(03:33):
lot of those are still under investigation, but this relatively
small, apparently military intelligence hacking unit has taken the vast
majority of the sum of virtual currency last year. It
seems like they really sharpened their focus on crypto because
the year before, hacks attributed to Lazarus, which is what
they're called, were like less than five hundred million dollars, right,
(03:54):
that's a pretty dramatic increase. Like, what's driving that? It's
difficult to know from sitting outside an intelligence agency. It seems
like they were successful and they found a way to
do it, and they're going to continue to do it.
If you think back to previous generations, we know that
North Koreans were accused of counterfeiting cash, you know, American
US dollars and using that in the black market to
(04:17):
raise money. We know that they have a history of
using counterfeit cigarettes and kind of propping up a lot
of that trade over the past couple decades. Cryptocurrency seems
to be their next mL And is that because people
in crypto are like uniquely prone to being bamboozled? Is
it because the crypto company security isn't great? Is it
kind of a culmination of things. I think there's a
(04:39):
scramble to get rich in crypto. Certainly over the past
couple of years. I think that has led to a
reduction in the amount of perhaps scrutiny that people are
putting on different projects and really rushing to kind of
monetize in this space. There's a new currency we have
to jump on this, there's a new market. We have
to jump on this. There's a lot of speculation, as you
(05:01):
know better than anyone, and North Korea is honing their
craft at really inserting themselves into that process. Well, so
that point, you know, I think a lot of folks
have this very stereotypical idea that all hacking is just
like someone probably a dude, hovering in front of a
computer in which like green text on a black background
(05:21):
is flashing before their very eyes. But you've also reported
on the ones that like there are folks doing fake
interviews to try to get intelligence at crypto companies, say
more about some of these strategies. Yeah, that kind of
hacker-in-a-basement stereotype is no longer the case. There
have been US indictments against alleged North Korean hackers, while
(05:43):
one came out in twenty twenty one that was really
revelatory in some of the scope of these efforts. These
are professional soldiers who spend their lives going to international
competitions abroad. They are working very carefully night and day
to get as good as they can at using Western
(06:04):
languages online. They're very good at programming. It's the same
kind of programming that you would learn at Stanford or
Harvard in a kind of coding program. And the reason
that they're so motivated and the reason that they're so
crafty is because a lot of their life depends on it.
They are supporting families, you know, according to an analysis
of some of these charges that have come out
(06:26):
against these alleged hackers, but they're really prolific and they're
incredibly focused. I had a researcher tell me one of
the reasons they're so good at using fake resumes, for instance,
or searching on LinkedIn or Indeed for job data they
can kind of use for themselves is because they need
to do it. There's not a lot of other options
(06:49):
that they have to raise revenue online. You know. One
person mentioned to me that they are doing a lot
more with a lot less than other hacking groups have
in terms of technology. Coming up, more from Bloomberg reporter
Jeff Stone on record-breaking crypto thefts. We'll be right back. One
(07:14):
of the other things that I find interesting about what
you're describing in terms of like these motivations, you know,
these are folks with families, These are folks who are
who are trying to survive. It also seems to me
that it doesn't seem to be slowing down at all,
you know, like the numbers are getting bigger every single time,
like year over year these reports are coming out. Is
(07:36):
there any way to stop any of this? There's not
an obvious way to stop it. We know the Department
of Treasury is engaged in kind of an information tour
to ensure that organizations, particularly in the cryptocurrency world and
the financial world and the technology sector, have a stronger
understanding of what's happening. A lot of your listeners will
(07:57):
be familiar with the sanctions against Tornado Cash and Blender,
which are some of these mixing services that these actors
have used to launder cryptocurrency. We know, according to recent
reports from just recently, there is a new service called
Sinbad that has allegedly been used to, you know, convert a
(08:20):
lot of these transactions in a way that is more
difficult for law enforcement and for independent security researchers to track.
So those are all really subtle but important indications that
this phenomenon is going to continue, if not accelerating. You know.
One of the things that people I remember, I grew
(08:40):
up in the ins and as am of the generation
that was like, you know, forget Hotmail, I had, I
had accounts before Hotmail existed. It would be like, don't
click any links, don't give anybody your credit card details.
How do you defend against someone who is pretending to
be not a North Korean hacker in a job interview,
or who is engaging in some of the more sophisticated
(09:03):
techniques like cloning your SIM card? Like, is there anything a
person can do if even governments can't figure this out? The
short answer is no, Unfortunately for a lot of investors
and a lot of people who might find themselves even
as the targets of surveillance. A little bit outside this conversation,
but if there's a nation state hacking group that is
specifically targeting a certain individual or perhaps an exchange, they
(09:26):
have the means and motive and opportunity and probably the
orders to make that happen. You might log into your
personal cryptocurrency website and it looks completely legitimate, just like
it did yesterday, asks you to insert your user name
and password, and you do that, and then you find out,
once your cryptocurrency is gone, that that was a fake
(09:47):
page that was the product of eighteen months of reconnaissance
and intelligence gathering and a really careful attack designed to
take over as much as they possibly can. I mean,
hearing things like that is one of the reasons folks
are like everybody should have a cold wallet and you know,
only access your crypto on computers that are not connected
(10:09):
to the Internet. That has never felt like a scalable
solution for the cryptocurrency world. I mean that advice that
you're describing sounds to me like the cryptocurrency world is
experiencing some of the pain that the rest of the
Internet has gone through. When it comes to changing your
passwords frequently and making sure that you're not reusing the
(10:31):
same user name credentials across the Internet. It's a very
difficult problem to solve, so a lot of organizations are
not offloading that risk onto users but kind of saying,
you know, those are subtle ways of saying, we can't
completely protect you. Here's a couple things that you might
be able to do, but again, it's just very difficult.
Everyone has busy lives. You can't change your password and
write it down every day. You have to be able
(10:53):
to trust systems at a certain point and kind of
hope that you're not taken for all you're worth. You know,
it's so interesting that so many of these conversations come
back to trust, because one of the problems crypto
was supposed to solve is not having to trust anything
or anybody, And here we are again talking about having
to trust systems, just as a kind of a closing question,
(11:13):
as somebody who has covered cybersecurity for a long time
and is now kind of a crypto reporter as a
result of that. I really like the analogy that you
made of you know, this is a problem that's been
experienced in any other domain that is connected to a
computer or a server anywhere in the world. Are there
things that other domains have done that have helped at all?
(11:35):
Or is it really just like an intellectual arms race
over who's going to be more sophisticated, you know, like
Red team Blue team kind of stuff. The smartest thing
that you can do is use multi factor authentication. You know,
from an individual standpoint, it's not going to solve every problem,
but from an individual standpoint, you want to make sure
(11:55):
that when you're logging into a website with your password,
that website verifies you that you are who you say
you are in a different way, whether that be through
a text message, which is not the most reliable example anymore,
or a phone call or a QR code. Make sure
that that is on all of your accounts, and try
(12:18):
to be mindful about how far and wide the services
that you're signing up to are. That's to say, don't
sign up to every other thing. Try to keep things
relatively concentrated under your control so that it's not a
huge shock when in two years a website that you
completely forgot about is breached and your information spills out. Yeah,
I mean a couple of weeks ago, I got an
(12:40):
email from a stationery website, like, they literally print cards
and envelopes, and they're like, so sorry, your information has
been revealed for the entire internet. I was like, are
you kidding me? Let me ask you this. When you
read that, were you like, were you just like of course,
or were you like, you're not even shocked anymore? Right,
I'm not even shocked anymore. I mean I think after
like the big Experian debacle in the United States, which
(13:01):
you know is that that is a company with literally
one job, right, just identity protection, and they were like oopsie.
So it can feel really demoralizing that It's like, you
know you, you're screaming into the void of I'm trying
so hard and yet I wish I had better news. Sorry.
You know, so much of being a reporter is like,
(13:22):
let me tell you how bad it is. So sorry, Yeah,
especially lately. Well, Jeff, on that cheery note, thank you
as always for coming on the show. Thank you, such
a fan. That was Bloomberg reporter Jeff Stone. You
can find more of his reporting on the Bloomberg Terminal
and on Bloomberg dot com. And don't forget to sign
up for our twice-weekly newsletter, Bloomberg Crypto. This is Bloomberg Crypto,
(13:49):
a daily podcast from Bloomberg and iHeartRadio. For more shows
from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever
you get your podcasts. Send us your comments, questions, or
suggestions for the show to Crypto at Bloomberg dot net.
The supervising producer of Bloomberg Crypto is Vicky Vergelina. Our
(14:11):
senior producer is Janet Babin. Our producers are Mohammed Farouk
and Sharon Barrero. Our associate producers are Ty Butler and
Moses on m Desta wonder At is our engineer. Original
music by Leo Sidron. I'm Stacy Marie Ishmael. We'll be
back tomorrow.