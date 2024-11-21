South Korean investigators revealed that the 2019 Upbit cryptocurrency heist, which resulted in the theft of $50 million worth of ETH, was carried out by North Korean hacking groups Lazarus and Andariel, linked to the Reconnaissance General Bureau, which happens to be DPRK’s premiere intelligence organization.

Upbit, one of South Korea’s leading crypto exchanges, first reported the attack exactly five years ago. During the incident, 342,000 ETH, worth around $147 per ether, were stolen from the exchange’s hot wallet. The stolen stash would have been worth around 1.47 trillion won or over $1.04 billion today.

Upbit Hack Investigation

According to a report by Seoul-based news agency Yonhap, the investigation involved collaboration with the FBI, which identified North Korean IP addresses, virtual asset flow patterns, and vocabulary traces as key evidence. Nearly 57% of the stolen Ethereum was converted to Bitcoin at discounted rates through North Korean-controlled exchanges, while the remainder was laundered via 51 overseas platforms.

South Korean police, with the assistance of Swiss prosecutors, recovered 4.8 bitcoins, worth approximately 600 million won, from a Swiss exchange and returned them to Upbit in October.

The authorities also noted,

“Although there have been UN reports and foreign government announcements regarding North Korea’s virtual asset hacking, this is the first time that a domestic investigative agency has officially confirmed it.”

After the exploit back in November 2019, Upbit is said to have implemented various measures to prevent a recurrence, including the distribution and operation of hot wallets. Despite this, Dunamu, the platform’s operator, disclosed that Upbit experienced more than 159,000 hacking attempts in the first six months of 2023, which is a 117% increase from 2022’s figures and an astonishing 1,800% spike from 2020’s first half.

North Korea’s Cyber Warfare

North Korean hackers have a history of targeting South Korea for crypto-related crimes.

Last year, South Korean law enforcement reported that hackers from North Korea posed as government officials and journalists to deceive victims. Using email phishing tactics, they managed to extract information from approximately 1,500 individuals between March and October. Most victims were from the private sector, while 57 were current or former government officials.