U.S. Treasury puts crypto industry on notice over rising ransomware attacks

By Daphne Psaledakis

WASHINGTON (Reuters) – Suspected ransomware payments totaling $590 million were made in the first six months of this year, more than the $416 million reported for the whole of 2020, U.S. authorities said on Friday, as Washington put the cryptocurrency industry on alert about its role in combating ransomware attacks.

The U.S. Treasury Department said the average amount of reported ransomware transactions per month in 2021 was $102.3 million, with REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos the most prevalent ransomware strains reported.

President Joe Biden has made the government’s cybersecurity response a top priority for the most senior levels of his administration following a series of attacks this year that threatened to destabilize U.S. energy and food supplies.

Seeking to stop the use of crypto currencies in the payment of ransomware demands, Treasury told members of the crypto community they are responsible for making sure they do not “directly or indirectly” help facilitate deals prohibited by U.S. sanctions.

Its new guidance said the virtual currency industry plays an increasingly critical role in preventing those blacklisted from exploiting virtual currencies to evade sanctions.

“Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” Deputy Treasury Secretary Wally Adeyemo said in a statement.

The new guidance also advised virtual currency exchanges to use geolocation tools to block access from countries under U.S. sanctions.

Hackers use ransomware to take down systems that control everything from hospital billing to manufacturing. They stop only after receiving hefty payments, typically in cryptocurrency.

This year, gangs have hit numerous U.S. companies in large scale hacks. One such attack on pipeline operator Colonial Pipeline led to temporary fuel supply shortages on the U.S. East Coast. Hackers also targeted an Iowa-based agricultural company, sparking fears of disruptions to grain harvesting in the Midwest.

The Biden administration last month unveiled sanctions against cryptocurrency exchange Suex OTC, S.R.O. over its alleged role in enabling illegal payments from ransomware attacks, officials said, in the Treasury’s first such move against a virtual currency exchange over ransomware activity.

(Reporting by Chris Sanders, Chris Bing and Daphne Psaledakis; Editing by Chizu Nomiyama and Daniel Wallis)

U.S. recovers $2.3 million from Colonial Pipeline ransomware attack

By Sarah N. Lynch

WASHINGTON (Reuters) -The U.S. Justice Department on Monday said it recovered some $2.3 million worth of cryptocurrency from the Colonial Pipeline Co ransomware attack.

U.S. Deputy Attorney General Lisa Monaco said investigators had seized 63.7 Bitcoins, now valued at about $2.3 million, paid by Colonial after last month’s hack that led to massive shortages at gas stations along the East Coast just as the summer driving season began.

The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had said it paid the hackers nearly $5 million to regain access.

Last month, a cyber criminal group that U.S. authorities said operated from Russia penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages in the U.S. Southeast.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial attack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.

(Reporting by Sarah N. Lynch, Jan Wolfe, Tim Ahmann, and Christopher Bing in Washington and Stephanie Kelly in New York; Writing by Mohammad Zargham and Lisa Lambert; Editing by Howard Goller)

North Korea took $2 billion in cyber attacks to fund weapons program: U.N. report

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Michelle Nichols

UNITED NATIONS (Reuters) – North Korea has generated an estimated $2 billion for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges, according to a confidential U.N. report seen by Reuters on Monday.

Pyongyang also “continued to enhance its nuclear and missile programs although it did not conduct a nuclear test or ICBM (Intercontinental Ballistic Missile) launch,” said the report to the U.N. Security Council North Korea sanctions committee by independent experts monitoring compliance over six months.

The North Korean mission to the United Nations did not respond to a request for comment on the report, which was submitted to the Security Council committee last week.

The experts said North Korea “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.” They also used cyberspace to launder the stolen money, the report said.

“Democratic People’s Republic of Korea cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programs, with total proceeds to date estimated at up to two billion US dollars,” the report said.

North Korea is formally known as the Democratic People’s Republic of Korea (DPRK). The Reconnaissance General Bureau is a top North Korean military intelligence agency.

The U.N. experts said North Korea’s attacks against cryptocurrency exchanges allowed it “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”

The Security Council has unanimously imposed sanctions on North Korea since 2006 in a bid to choke off funding for Pyongyang’s nuclear and ballistic missile programs. The Council has banned exports including coal, iron, lead, textiles and seafood, and capped imports of crude oil and refined petroleum products.

U.S. President Donald Trump has met with North Korea leader Kim Jong Un three times, most recently in June when he became the first sitting U.S. president to set foot in North Korea at the Demilitarized Zone (DMZ) between the two Koreas.

They agreed to resume stalled talks aimed at getting Pyongyang to give up its nuclear weapons program. The talks have yet to resume and in July and early August, North Korea carried out three short-range missiles tests in eight days.

The U.N. report was completed before last week’s missile launches by North Korea, but noted that “missile launches in May and July enhanced its overall ballistic missile capabilities.”

The U.N. experts said that despite the diplomatic efforts, their “investigations show continued violations” of U.N. sanctions.

“For example, the DPRK continued to violate sanctions through ongoing illicit ship-to-ship transfers and procurement of WMD-related items and luxury goods,” the U.N. report said.

(Reporting by Michelle Nichols; editing by Grant McCool)

Japan hit by another cryptocurrency heist, $60 million stolen

The silhouette of Japan's highest mountain Mount Fuji is seen beyond buildings in Tokyo in a file photo. REUTERS/Issei Kato

By Taiga Uranaka

TOKYO (Reuters) – Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital currencies were stolen from its exchange, highlighting the industry’s vulnerability despite recent efforts by authorities to make it more secure.

Tech Bureau, which had already been slapped with two business improvement orders by regulators this year, said its Zaif exchange was hacked over a two-hour period on Sept. 14. It detected server problems on Sept. 17, confirmed the hack the following day, and notified authorities, the exchange said on Thursday.

Following the hack, Tech Bureau said it had agreed with JASDAQ-listed Fisco Ltd to receive a 5 billion yen ($44.59 million) investment in exchange for majority ownership. The proceeds from the investment would be used to replace the digital currencies stolen from client accounts.

However, Fisco said in a statement the 5 billion yen in “financial assistance” may change in value if the amount affected by the heist changes upon further investigation.

Documents seen by Reuters on Thursday showed Japan’s Financial Services Agency would conduct emergency checks on cryptocurrency exchange operators’ management of customer assets, following the theft. FSA officials were not immediately available for comment.

Japan’s crypto exchanges have been under close regulatory scrutiny after the theft of $530 million in digital coins at Tokyo-based cryptocurrency exchange Coincheck Inc. in January. Coincheck has since been acquired by Japanese online brokerage Monex Group Inc.

In the industry-wide check that followed the Coincheck theft, FSA said it found sloppy management at many exchanges, including the lack of proper safeguards for client assets and basic anti-money laundering measures.

In the Tech Bureau theft, virtual currencies worth about 6.7 billion yen ($59.67 million), including Bitcoin, Monacoin and Bitcoin Cash, were stolen from the exchange’s “hot wallet”. About 2.2 billion yen worth of the stolen currency was its own while the remaining 4.5 billion yen belonged to customers, it said.

Hot wallets are connected to the internet. Industry experts consider them to be more vulnerable to hacks than “cold wallets”, which are not connected to the internet.

The latest hack is likely to affect the FSA’s ongoing regulatory review of the industry. Other countries are also grappling with how to regulate crypto market.

Japan last year became the first country to regulate cryptocurrency exchanges, as it encourages technological innovation while ensuring consumer protection. Exchanges have to register with FSA and required reporting and other responsibilities.

FSA said last week more than 160 entities have expressed interest in entering the cryptocurrency exchange business but FSA has not issued any approval since December last year.

Toshihide Endo, FSA commissioner told Reuters in an interview last month that the agency is trying to strike a balance between safeguarding clients and technological innovation.

“We have no intention to curb (the crypto industry) excessively,” he said. “We would like to see it grow under appropriate regulation.”

($1 = 112.1400 yen)

(Additional reporting by Chang-Ran Kim and Takahiko Wada; Editing by Shri Navaratnam and Sam Holmes)

Venezuelan streets quieter than usual after opposition strike call

People queue to withdraw cash from automated teller machines (ATM) at a Mercantil bank branch in Caracas, Venezuela August 21, 2018. REUTERS/Carlos Garcia Rawlins

CARACAS (Reuters) – Venezuela’s streets were quieter than normal on Tuesday but many businesses remained open despite an opposition call for a national strike to protest economic measures announced by socialist President Nicolas Maduro.

The OPEC nation on Monday cut five zeros from prices in response to hyperinflation as part of a broad set of measures meant to address an economic crisis, including pegging the country’s currency to an obscure state-backed cryptocurrency.

Opposition critics slammed the plan as inadequate in the face of inflation that topped 82,000 percent in July and called for a one-day halt of commercial activities.

“Don’t got to work, you have the right to protest, because what’s at stake is your life, your future, and your country. Rebel!” opposition party Popular Will wrote via its Twitter account.

Maduro declared Monday a national holiday for banks and consumers to get accustomed to the new pricing scheme, under which items that cost 1,000,000 bolivars last week were remarked with price tags of 10 bolivars.

Fedecamaras, the country’s main business group, slammed the proposal as “incoherent,” noting that the plan’s 3,000 percent minimum wage increase would make it impossible for businesses to keep their doors open.

But the group did not take a position on the opposition-led strike, saying individual members should choose on their own.

Venezuelan 100 bolivar notes thrown by people in a trash bin are seen at a gas station of the Venezuelan state-owned oil company PDVSA in Caracas, Venezuela August 20, 2018. REUTERS/Marco Bello

Venezuelan 100 bolivar notes thrown by people in a trash bin are seen at a gas station of the Venezuelan state-owned oil company PDVSA in Caracas, Venezuela August 20, 2018. REUTERS/Marco Bello

The Information Ministry did not immediately reply to a request for comment.

The ruling Socialist Party announced a march on Tuesday morning to support Maduro’s economic measures that was scheduled to end with a rally at the presidential palace.

The collapse of the country’s once-booming economy has fueled hunger and disease, spurring an exodus of migrants to nearby countries.

In recent days, Ecuador and Peru tightened visa requirements for Venezuelans and violence drove hundreds of Venezuelan migrants back across the border with Brazil.

The discontent has also spread to the military, as soldiers struggle to get enough food and many desert by leaving the country.

Two high-ranking military officers were arrested this month for alleged involvement in drone explosions during a speech by Maduro, who called it an assassination attempt.

Maduro says his government is the victim of an “economic war” led by the opposition with the help of Washington, which last year levied several rounds of sanctions against his government and high-ranking officials.

(Reporting by Brian Ellsworth; Editing by Paul Simao)

North Korean hackers behind attacks on cryptocurrency exchanges

A coin representing the bitcoin cryptocurrency is seen on computer circuit boards in this illustration picture

SEOUL (Reuters) – South Korea’s spy agency said North Korean hackers were behind attacks on cryptocurrency exchanges this year in which some 7.6 billion won ($6.99 million) worth of cryptocurrencies were stolen, a newspaper reported on Saturday.

The cyber attacks attributed to North Korean hackers also included the leaking of personal information from 36,000 accounts from the world’s busiest cryptocurrency exchange Bitthumb in June, South Korea’s Chosun Ilbo reported, citing the country’s National Intelligence Service (NIS).

Attacks also included the theft of cryptocurrencies from accounts at exchanges Yapizon, now called Youbit, and Coinis in April and September, it said.

The 7.6 billion won of stolen cryptocurrencies are now worth about 90 billion won ($82.7 million), Chosun Ilbo reported. It also cited the NIS as saying North Korean hackers had also demanded 6 billion won ($5.5 million) from Bitthumb in return for deleting the leaked personal information.

Another cyber attack on about 10 cryptocurrency exchanges by North Korean hackers in October, using emails containing malware, was thwarted by the Korea Internet Security Agency (KISA), the newspaper reported.

The NIS found that the malware used in hacking the exchanges was made with the same method as malware used in hacking Sony Pictures and the central bank of Bangladesh in 2014 and 2016 respectively, the Chosun Ilbo reported.

The NIS also said emails used in the attacks used North Korean internet addresses, according to the Chosun Ilbo.

The NIS declined to comment. Representatives for KISA, Bitthumb, Youbit and Coinis could not be reached for comment.

($1 = 1,087.9500 won)

(Reporting by Joyce Lee and Heekyong Yang; Editing by Paul Tait)