North Korean Hackers Targeting UpBit Users

Reading Time: 2 minutes

Phishing scams are rife in the crypto world and these types of scams are becoming more prevalent in Korea. In a fresh round of phishing attacks that has been recently detected, a North Korean hacking group by the name of Kim-Soo-Ki has been targeting UpBit users with an elaborate phishing scam. The hackers have sent out emails to traders posing as admins requiring additional verification to enable a “sweepstake Payout” program to the traders with high BTC volumes. However, the form is laced with a trojan virus that will capture passwords, seep phrases and private keys.

Using Fake Documents

Unfortunately, hacking groups like Kim-Soo-Ki will pay off employees of crypto exchanges for access to personal information – such as email databases. Once hackers have this information, they can then send out their scam emails. In this email, there was a document titled “Event Winner Personal Information Collection and Usage Agreement”. However, rather than being saved as a pdf or Word document, it was a .hwp file. This should have set alarm bells ringing in the recipient’s mind, but often the allure of free crypto is too much to resist. As soon as the file was clicked and downloaded, a fake document was shown on the screen and the trojan virus got to work installing itself. Once installed, it sniffed out all sorts of information that would allow the hackers to steal crypto – ranging from passwords to seed phrases and private keys.

UpBit Isn’t the First Target

UpBit would be remiss to think it was the first crypto exchange to be hit by such phishing attacks. Back in February, Korbit warned its users of a phishing scam that was trying to steal users passwords. The email claimed to be from a brand-new sister exchange and users had been given an account – free of charge. To top it off, their username and password was allegedly the same, so users were compelled to log in. However, when trying to log in to the fake exchange, the form stole the login credentials and the hackers could then clean out their Korbit accounts.

Scammers Cleaning Out Crypto Caches

Unfortunately, these styles of scams are very effective and yield high returns for the scammers and hackers behind them. In 2018 alone, Australian based scammers netted a cool $4.3 million – a figure that’s up 190% from 2017. This shows the worrying number of people who falls for these types of scams and just how effective they can be.

If you receive any emails that look suspicious, ask you to download a file or follow a link then you should be wary. If you have any doubts at all, contact the company the email is allegedly from to ensure it’s not a fake. This step alone could help save millions of dollars every year from being stolen. The phishing attack from the North Korean group is still thought to be going on, so it’s vital that you delete any messages you receive related to this scam.

Share