A cybercriminal syndicate believed to be linked to the North Korean government breached the Singapore-based DragonEx exchange and stole $7 million worth of cryptocurrencies in March 2019, Radio Free Asia said Wednesday.

Hackers of the Lazarus Group withdrew cryptocurrencies, including Bitcoin, Ripple and Litecoin, RFA said, citing findings released by US-based blockchain firm Chainalysis. The group created a fake company offering an automated trading bot with a fabricated website and employees, and approached key figures at DragonEx.

DragonEx employees downloaded a free trial of the trading bot software, giving the hackers access to their computers. The hackers made off with millions. Chainalysis said the Lazarus tactics demonstrate another level of sophistication as they go beyond conventional email or small-scale website phishing attempts.

Lazarus’ hacks into DragonEx reveal deep knowledge of the cryptocurrency ecosystem necessary to successfully impersonate legitimate participants, Chainalysis said, noting the group is different from other hackers because its motivations are primarily financial rather than chaos itself.

In September, the US Treasury said North Korea uses funds from exchange hacks to bankroll its weapons program. The Treasury announced it was sanctioning Lazarus hackers and its two subgroups Bluenoroff and Andariel that perpetrate “cyberattacks to support illicit weapon and missile programs.”

By Choi Si-young (siyoungchoi@heraldcorp.com)