North Korean cyberattacks on South Africa – What happened to cryptocurrency exchanges

Cryptocurrency exchanges Luno, Ice3X, AltCoinTrader, VALR, and Ovex told MyBroadband that neither North Korea nor any other attacker has breached their security.

This follows recent reports that South Africa was one of 17 countries hit by North Korean attackers to raise money for its weapons of mass destruction programmes.

Articles from Reuters and the Associated Press cited an unpublished report prepared for the UN Security Council, which stated that North Korea perpetrated at least 35 attacks and raised up to $2 billion.

One attack reportedly targeted thirteen countries: Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia, and Vietnam.

South Korea, India, Bangladesh and Chile each suffered multiple attacks by North Korea.

Although no details of the attack on South Africa were provided, the report stated that there were three major ways in which North Korea was raising money:

  1. Attacks on the SWIFT system, which is typically used for cross-border money transfers between banks.
  2. Attacks on cryptocurrency exchanges and individual holders, where tokens were stolen.
  3. Mining of cryptocurrency.

MyBroadband asked South African cryptocurrency exchanges whether they had been targeted by North Korean attackers and if they had detected any successful hacks.

Regular attempted break-ins, but no successful hacks

VALR co-founder and CEO, Farzam Ehsani, said that they have seen a number of attempted attacks on their platform from around the world, all of which have failed. It is not unusual for cryptocurrency exchanges to experience such attacks, he said.

“We are aware of the alleged attacks from North Korea, and our customers’ assets and information remain safe and secure,” Ehsani said.

“We invest significantly in the cybersecurity of our platform. In addition to our dedicated cybersecurity team that previously helped build the online security of two of South Africa’s largest banks, we have engaged 3 different cybersecurity firms and experts to ensure that the assets and information of our customers are as safe as possible.”

OVEX co-founder and CEO, Jonathan Ovadia, provided similar feedback, but added that they have not been the target of these attacks.

“This is most likely due to the fact that at OVEX we store 100% of our users’ funds in secure cold storage. This means that any sophisticated attack could never yield large paydays for a prospective attacker,” said Ovadia.

He said that there has never been a large-scale attack on a cryptocurrency exchange that stores all of its funds in cold storage. “Every significant attack has been made on exchanges with large hot wallets,” he said.

This has some drawbacks—withdrawals are only processed twice daily and require the signature of the user, an OVEX partner, and those of OVEX’s third-party custodial partners based offshore.

“However, this is a small price to pay for the significantly improved security,” Ovadia said.

Ice3x founder Gareth Grobler said that they have not had any security breaches since their exchange launched in 2013.

“We constantly monitor new threats,” Grobler said.

Luno’s GM for Africa, Marius Reitz, said that they are not aware of any attacks or interruptions on Luno’s exchange. No security breaches or loss of funds has been reported to Luno by customers either.

Reitz said that Luno uses certified hackers to continually test its security, and that they have security steps in place for managing keys and storing cryptocurrency.

AltCoinTrader said that it has not sustained a direct attack on its exchange. It has also noticed a general trend where hackers have moved away from targeting exchanges to targeting cryptocurrency users through phishing attacks.

For this reason, AltCoinTrader believes that security education is key for services like cryptocurrency exchanges, wallets, and online banking.

These sentiments were echoed by the other exchange operators, who urged people to adopt the security tools made available by platform operators, such as two-factor authentication.

Tyranny breeds criminal activity

News that North Korea attacked banks and cryptocurrency exchanges around the world was not surprising.

“Yes, North Korean cyber attacks have been an industry issue—both crypto and more widely traditional banking systems—for some time,” Grobler from Ice3x said.

“Whether the entities behind these attacks are government backed… Anyone could speculate. The problem with this type of speculation is exactly that: speculation.”

AltCoinTrader and OVEX said that places where there are severe sanctions or restrictions are breeding grounds for online criminal activity.

“This kind of thing frequently occurs in countries with depressed economies and tyrannical dictators, a very large portion of the white hat hacking community that we work with are from Russia and the former Soviet Union,” OVEX’s Ovadia said.

“Computer savvy and smart kids in the USA or South Africa are able to put their intelligence to good use, and often end up starting companies that change the world, as seen with Elon Musk or Mark Shuttleworth.”

Unfortunately, smart kids in places like North Korea and Iran don’t have the same opportunity.

“Young people in these countries sanctioned by the UN and the US grow up with a world view that the ‘West is bad’, and limited opportunities end up turning to cyber crime, usually without conscience as they feel the victim is evil and deserves their fate.”

Ovadia said that state-sanctioned cyber crime is not a new phenomenon.

“However, doing it for economical gain is quite strange, and using the proceeds to fund WMDs is very alarming.”

Now read: Sandton entrepreneur arrested on $11-million fraud charge

Latest news

Partner Content

Show comments


Share this article
North Korean cyberattacks on South Africa – What happened to cryptocurrency exchanges