It is public knowledge at this point that North Korea has reportedly been accused of sponsoring a hacker group called the Lazarus group in order to steal cryptocurrency from wallets and exchanges. The stolen cryptocurrency is then being used to fund the country's nuclear weapons program, and although North Korea has repeatedly denied the allegations, the attacks have not stopped. It is estimated that the group stole hundreds of millions of dollars in 2019, and more research has been conducted to determine which hacks were carried out by the group and what its methodology might be.
According to a report by Consensys, the hacker group targeted several crypto exchanges last year and created a very realistic-looking trading bot, which it used to target employees of DragonEX, a currency exchange that suffered a hack in 2019.
The hack took place in March 2019, and $7 million worth of cryptocurrency was stolen from DragonEX. Before this took place, the hackers created a very realistic-looking website for a fake company called WFC Proof and offered a realistic-looking trade bot to the employees of DragonEX at the time.
The trading bot, though authentic-looking, was laced with malware that would infect any computer that it was placed on. Ironically, the website created for the fake trading bot carried a warning about not allowing anyone to steal private keys. When the malware accessed the computer on which the keys to the DragonEX hot wallet were kept, it enabled the hackers to steal the funds.
It is also worth noting that the attackers have changed tactics in terms of redeeming their stolen cryptocurrency. In 2018, the hackers would wait up to a full year before trading in their cryptocurrency to make sure the coast was clear. By 2019, they were using mixers in order to safely exchange the cryptocurrency as early as 60 days after the initial hack took place.