The story of the Binance hack—one of the largest ever to occur in the crypto world—is yet another sorry entry on an ever-growing list of crypto hacking incidents.
While most of the crypto world has lauded Binance for the way it reacted to the breach, the fact that it could happen to arguably the most well-known exchange in the world is worrisome.
But have you ever stopped to think about who is behind the hacking? Who are the people that are getting rich from the benefits of crime? Is it an organized effort by large groups, or a series of lone-wolf incidents by hardcore fanatics around the world?
The Kaspersky Report
In March 2019, Kaspersky Labs published a report. It found a single group to be responsible for more than 50 percent of all crypto hacks since 2017.
The latest research suggests that the total value of all crypto hacks has now surpassed $1.3 billion, with more than 60 percent of the total coming from 2018 alone. That puts the total amount stolen by the hackers in the ballpark of $500 million.
But what—or who—is the group responsible?
The Lazarus Group is one of the most notorious online hacking groups.
It first shot to prominence in 2009 with a DDoS attack on Seoul and the Korean government, but has since been involved in bank robberies, cyber espionage, and more.
The group was also reportedly behind the infamous WannaCry ransomware attack in 2017 which affected more than 300,000 computers around the world.
It is not known who is behind the group or how many people are associated with it. Some experts have suggested the group has at least some connection with North Korea.
Kaspersky was warning about the Lazarus Group’s interest in crypto exchanges as early as mid-2018. It said Lazarus was using fake companies with a backdoored product aimed at cryptocurrency businesses to crack into the exchanges.
Further research suggests that Lazarus was behind five of the biggest hacks of 2018, including the monster $532 million NEM hack from Coincheck.
The Chainalysis Report
We’re big fans of Chainalysis. The company aims to bring greater transparency to the blockchain by working to expose fraud, money laundering, and hacking as it happens. Indeed, they were one of our highlights from Consensus 2019.
In January 2019—so a couple of months earlier than Kaspersky—Chainalysis also published a report about the groups responsible for crypto exchange hacking.
Although it found that a small number of people dominated the hacking scene, it decided that two groups, not one, bore the responsibility for at least 60 percent of all crypto exchange hacks.
Chainalysis’ data suggests that one group, known as Alpha, is:
“A giant, tightly controlled organization partly driven by non-monetary goals.”
While the second group, Beta, is:
“A less organized and smaller organization absolutely focused on the money [that] doesn’t appear to care very much about evading detection.”
The two groups take very different approaches to how they launder the money after a hack.
Alpha is characterized by rapid movements of smaller amounts. At least 75 percent of its stolen coins are cashed out within 30 days of the hack.
Beta plays a longer game. Chainalysis found that the group typically waited for between six and 18 months before moving its coins, but that when it eventually did, Beta used one exchange and cashed all the tokens in a matter of days.
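The two cash-out signatures above are the kind of thing a blockchain-analytics team turns into a screening heuristic. The script below is an added example, not code from this article or from Chainalysis: it takes a hack timestamp, the amount stolen, and a list of outflows from the thief's addresses, computes the share moved within 30 days, the delay before the first move, the number of deposit venues used and how long the cash-out took, and then labels the pattern "Alpha-like" or "Beta-like" using the article's descriptions. The numeric thresholds (75 percent within 30 days; 6 to 18 months approximated as 180 to 540 days; "a matter of days" taken as at most 7) and the sample outflows are assumptions constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Outflow:
    """One movement of stolen coins out of the attacker's addresses."""
    when: datetime      # time of the transaction
    amount: float       # amount moved, in coins
    exchange: str       # deposit venue the coins ended up at (assumed known)


def cashout_profile(hack_time, total_stolen, outflows):
    """Summarise how, and how fast, stolen funds were cashed out."""
    if not outflows:
        return {
            "share_within_30d": 0.0,
            "days_to_first_move": None,
            "cashout_span_days": None,
            "exchanges_used": 0,
        }
    flows = sorted(outflows, key=lambda f: f.when)
    within_30d = sum(
        f.amount for f in flows if f.when - hack_time <= timedelta(days=30)
    )
    return {
        # fraction of the loot that moved inside the first 30 days
        "share_within_30d": within_30d / total_stolen,
        # how long the coins sat untouched after the hack
        "days_to_first_move": (flows[0].when - hack_time).days,
        # how long the whole cash-out took once it started
        "cashout_span_days": (flows[-1].when - flows[0].when).days,
        # distinct venues used to convert the coins
        "exchanges_used": len({f.exchange for f in flows}),
    }


def classify(profile):
    """Map a cash-out profile onto the article's Alpha / Beta descriptions.

    Thresholds are assumptions chosen to mirror the prose, not values
    published by Chainalysis.
    """
    if profile["share_within_30d"] >= 0.75:
        return "Alpha-like"          # rapid movement of the bulk of the coins
    first = profile["days_to_first_move"]
    if (
        first is not None
        and 180 <= first <= 540      # roughly six to 18 months of dormancy
        and profile["exchanges_used"] == 1
        and profile["cashout_span_days"] <= 7
    ):
        return "Beta-like"           # long wait, then one venue, a few days
    return "unclassified"


# Constructed sample data (not a real incident).
HACK_TIME = datetime(2018, 1, 1)
TOTAL_STOLEN = 1000.0

ALPHA_SAMPLE = [
    Outflow(HACK_TIME + timedelta(days=2), 300.0, "exchange-A"),
    Outflow(HACK_TIME + timedelta(days=10), 300.0, "exchange-B"),
    Outflow(HACK_TIME + timedelta(days=25), 200.0, "exchange-C"),
    Outflow(HACK_TIME + timedelta(days=60), 200.0, "exchange-A"),
]

BETA_SAMPLE = [
    Outflow(HACK_TIME + timedelta(days=300), 600.0, "exchange-A"),
    Outflow(HACK_TIME + timedelta(days=302), 400.0, "exchange-A"),
]


if __name__ == "__main__":
    for name, sample in (("alpha", ALPHA_SAMPLE), ("beta", BETA_SAMPLE)):
        profile = cashout_profile(HACK_TIME, TOTAL_STOLEN, sample)
        print(name, profile, "->", classify(profile))
```

Run as a script it prints both profiles and their labels. The useful output for a defender is the profile itself rather than the label: a large share of an exchange's inbound deposits arriving within days of a publicised hack is the Alpha signal worth alerting on, while the Beta pattern is only visible if dormant addresses from old incidents stay on a watchlist for a year or more.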
Is Lazarus Alpha or Beta?
From the conclusions of the two reports, it seems more than probable that Lazarus is one of the two groups identified in the Chainalysis version. But is it Alpha or Beta?
You can make an argument for both sides, but we had a chat on Slack and agreed that Alpha was the more probable match.
Given that Lazarus has reported ties with North Korea, a country that—from a geopolitical standpoint—is more preoccupied with causing disruption than financial gain, we felt the non-monetary aspect of Alpha was the giveaway.
Let us know if you agree.
Will the Groups Continue to Dominate?
And so, to the future. Will entities like Lazarus and the mysterious Alpha and Beta continue to be responsible for the majority of crypto hacks?
At this stage, it seems probable. If the groups are state-sponsored actors—either from North Korea or any other country that’s politically hostile to the west—it’s tough to prevent their growth.
Instead, the onus for safety will continue to rest on the exchanges’ shoulders. As Binance and others have shown, emergency pools of money and robust refund processes will have to become the norm.
And remember, it’s more important than ever that you store your crypto in an offline cold wallet, well away from the potentially weak security of exchanges’ online hot wallets.