A year from now, North Korea’s crypto hacking activities will likely become more sophisticated, according to intelligence leaders in the countries south of the DMZ.

The National Cybersecurity Cooperation Center was recently formed by the South Korean National Intelligence Service (NIS) and commercial security companies, according to YTN. The centre will be responsible for responding to cyber threats from North Korea.

“Nine government agencies and five commercial IT security organizations,” according to the NIS, make up the centre.

The NIS asserted that while the North has historically targeted South Korean cryptocurrency exchanges, it is now concentrating on people. According to the NIS, it will also focus on the decentralised finance (Defi) market.

The NIS predicted that Pyongyang-based hackers will “concentrate on compromising DeFi providers” in 2023 since the South has regulatory “blind spots” regarding these services.

Seoul has charged Pyongyang with carrying out several assaults against cryptocurrency exchanges operating in South Korea. According to Seoul, hackers from North Korea stole $7 million from Bithumb in February 2017. 

Additionally, according to South Korea, Pyongyang is said to have virtually bankrupted the Youbit platform in 2017 by taking 17% of its cryptocurrency holdings.

Since then, Seoul has controlled exchanges. It no longer issues operational licenses to exchanges unless those exchanges can demonstrate that they have sophisticated security mechanisms. Security experts have previously said that Southern exchanges only had bare-bones security measures in place.

These were described as being “low-hanging fruit” for knowledgeable Pyongyang hackers. According to some observers, the North has developed an “elite” group of “cyber fighters.”

The North has refuted claims that it hacks cryptocurrency, calling these claims made by the United States and South Korea “fabrications.”

The NIS forewarned that Pyongyang was working on cutting-edge “deep fake” technologies that may enable it to deceive unwary social media and internet users.

According to recent claims made by international security firms, a virus-infected Mycelium Wallet clone is allegedly being distributed on several Telegram channels by the North Korean hacker organisation Lazarus.

They further said that Lazarus runs the fictitious cryptocurrency exchange BloxHolder. According to analysts, the latter contains pages and material that have been stolen from the HaasOnline trade site.