UpBit Exchange Phishing Email Scam Came From North Korea, Source Claims

Hackers from North Korea were behind a phishing scam targeting users of South Korean cryptocurrency exchange UpBit, Korean-language cryptocurrency news outlet CoinDesk Korea reported on May 29.

According to findings by local cybersecurity firm East Security, the scam came in the form of an email sent to UpBit users requesting account information.

The pretence was a fake giveaway, with the emails also containing a file called “Event Winner Personal Information Collection and Usage Agreement.hwp,” which would run malicious code when opened.

UpBit had alerted traders a day before, warning anyone receiving an email from the address “events@UpBit.co.kr” to discard it.

“Please note that this mail is not an email sent from UpBit,” a rough translation of a statement released at the time reads. It continues:

“If you receive an email with an attachment with a similar title that impersonates UpBit in future, please do not download the file attached to the email and delete the email immediately.”

According to East Security, the emails were the work of North Korean hacker group Kim Soo-Ki.

As Cointelegraph reported, North Korea continues to target the cryptocurrency industry worldwide, with United States FBI officials this week claiming such activity was a direct response to sanctions placed on its economy.

“Sanctions are having an economic impact, so cyber operations are a means to make money, whether it’s through cryptocurrency mining or bank theft,” a senior FBI official warned.

UpBit is South Korea’s largest cryptocurrency exchange, and the only one out of the country’s top five platforms to record an overall profit during the 2018 bear market.