Photo/IllutrationA hacker who converted cryptocurrency stolen from Coincheck Inc. into other digital currencies posts an image of North Korean leader Kim Jong Un. The website was later closed. (Tatsuya Sudo)

  • Photo/Illustraion
  • Photo/Illustraion
  • Photo/Illustraion

Viruses connected to Russian hackers were found on a personal computer that was used to steal NEM cryptocurrency worth about 58 billion yen ($535 million), an attack initially blamed on North Koreans, sources said.

In fact, it was a Russian security company that fueled speculation that a North Korean group had hacked the personal computer of an employee of Tokyo-based cryptocurrency exchange Coincheck Inc.

In January 2018, Coincheck said that illegal access resulted in the loss of vast amounts of NEM cryptocurrency that had been deposited by its clients.

The investigation found that the Coincheck employee had installed software that was contained in an e-mail sent by a hacker. The computer became infected, giving the perpetrator a “key” to open, operate--and steal from--the NEM accounts.

According to several people involved in the investigation, two viruses--“mokes” and “netwire”--were detected in the employee’s computer.

Both viruses enable remote operations of other people’s computers.

Mokes was first put on sale in June 2011 on a bulletin board on the dark web written in Russian. The virus is believed to be used by Russian hackers.

The existence of netwire was confirmed in 2012.

Investigators found that the two viruses have also been used in attacks on cryptocurrency exchanges in other countries since 2016.

A U.S. expert said an analysis of the viruses indicates that such attacks are connected to a group of cybercriminals based in East Europe or Russia.

A Russian security company compiled a report in October 2018 that pointed to a North Korean group of hackers as the likely culprit behind the attack on Coincheck.

A U.N. experts’ panel on North Korea said the Russian company’s view was a possibility, and more fingers started pointing at Pyongyang.

According to several experts, however, no cases have been confirmed of the North Korean group using the mokes virus.


The U.N. experts’ panel on North Korea was set up in 2009 based on a U.N. Security Council resolution.

It checks on suspected North Korean violations of UNSC resolutions and reports its investigation results to the council.

The panel consists of researchers specializing in such fields as nuclear weaponry, missiles, trade and transportation.

Although U.N. members are obliged to cooperate with the panel’s investigations, it does not have the power to conduct compulsory investigations.

The panel’s investigations depend on its members’ human networks and any information that is disclosed.

If the panel’s reports are released, they become official U.N. documents that can serve as basis for independent sanctions imposed against North Korea by a U.N. member.

(Gakushi Fujiwara in New York contributed to this article.)