North Korea last year stole cryptocurrency from South Korea worth billions of won, said Seoul’s top spy agency Monday, accusing the reclusive regime of trying to hack into exchanges by sending emails with customer information.

The National Intelligence Service also confirmed that Hwang Pyong-so and Kim Won-hong, former head and vice chief of the General Political Bureau, respectively, were removed from their posts following an inspection, and Kim Jong-gak, a vice chief of the Ministry of the People’s Armed Forces, was appointed as a new chief.

During a closed-door meeting with lawmakers, the NIS warned against the possibility that North Korea would conduct another nuclear test at its Punggye-ri site and display an array of ballistic missiles during its upcoming military parade to be held Thursday.

“Targeting South Korea’s cryptocurrency exchanges and their customers, North Korea sent emails that could hack into the system and stole customers’ secret numbers,” the NIS said in a report, according to lawmakers who attended the session.

“Cryptocurrency worth billions of won were stolen,” the NIS told the lawmakers at a parliamentary intelligence committee, without elaborating which exchanges were breached. To put “billions” in perspective, 1 billion won in cryptocurrency equals some $920,000. 

The intelligence agency also briefed the lawmakers that North Korea had used a South Korean company’s technology to neutralize an anti-hacking system and used a job application email as a decoy for hacking attempts.

When asked about which South Korean companies were breached, the NIS declined to reveal the identities of the companies and individuals attacked, Rep. Kim Byung-kee of the ruling Democratic Party of Korea told reporters after attending the session.

According to the lawmakers, the NIS noted that North Korea has been trying to use emails or social networking services to hack into South Korea’s defense and procurement agencies and North Korean activist groups in the South.

Separately, the NIS told the lawmakers it had confirmed that North Korea conducted an inspection of the General Political Bureau for three months from October, which resulted in the removal of former head Hwang Pyong-so from power.

“As a result of the inspection, Hwang was dismissed from the bureau chief post, and he is presumed to be currently taking ideological education at a high-level party school,” an NIS official was quoted by Rep. Kang Seok-ho of the main opposition Liberty Korea Party, who attended the briefing.

In November, the NIS told the National Assembly that the North conducted a rare inspection of the bureau for the first time in two decades due to its “impure attitude.” The bureau is seen as an influential military institution that controls the crucial personnel management of other defense establishments.

Regarding the possibility of another nuclear test by the North, the NIS reiterated its previous assessment that the country’s Tunnel 3 of Punggye-ri nuclear site is available for another nuclear test “whenever it is ready.”

While Tunnel 2 of the site has been left unattended since the sixth nuclear test in September last year, excavation work is under way at Tunnel 4, the NIS told the lawmakers.

By Yeo Jun-suk (jasonyeo@heraldcorp.com)