North Korea’s infamous hacking group, dubbed Lazarus, has managed to steal over half a billion dollars in cryptocurrencies, a report indicates.

According to an article published Friday by The Next Web, the coming annual report from cybersecurity vendor Group-IB sets out that Lazarus was behind 14 hacks on crypto exchanges since January 2017, reaping a massive $571 million from the attacks.

The news backs up claims from officials in South Korea, who said in February that North Korean hackers likely stole tens of millions of dollars’ worth in cryptocurrencies in 2017.

As reported by CoinDesk, the country’s National Intelligence Service said that phishing scams and other criminal methods methods had yielded tens of billions of won in customer funds. Authorities were also probing whether the same hackers were behind the January hack of the Coincheck exchange, which saw over $500 million in cryptocurrency taken – though Lazarus wasn’t specifically mentioned.

More generally, Group-IB also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018, according to a summary of the report obtained by the tech news source.

The security provider said the number of attacks targeting crypto exchanges is likely to rise further, with hackers of more traditional financial institutions such as banks being drawn to the space seeking big gains.

The summary also looks at the methods used by hackers in order to carry out their attacks, saying spear phishing, social engineering and malware are the most widespread tools of the illicit trade.

TNW cited the report as saying that spear phishing – targeting individuals or organizations with malware delivered via an email attachment – is the “major vector of attack” on enterprise networks. It adds:

“After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”

Furthermore, says Group-IB, hackers have made off with 10 percent of the funds raised by ICO platforms since early 2017, with phishing the most common means of attack.

The firm reportedly suggests that over-keen investors have been rushing to participate in token sales without paying sufficient attention to their security, often falling foul of tricks such as fake websites. For example, one such fake targeted would-be investors in the major ICO launched by Telegram, as reported in March.

Group-IB further warns that mining pools could prove a tempting target for hackers, saying bad actors could employ 51 percent attacks to take over networks, as has happened at a number of crypto projects this year.

Hacking image via Shutterstock