South Korean investigators revealed that the 2019 Upbit cryptocurrency heist, which resulted in the theft of $50 million worth of ETH, was carried out by Bureau-linked North Korean hacking groups Lazarus and Andariel Reconnaissance General, which happens to be the DPRK’s premier intelligence organization. .
Upbit, one of South Korea’s leading crypto exchanges, first reported the attack exactly five years ago. During the incident, 342,000 ETH, worth approximately $147 per ether, was stolen from the exchange’s hot wallet. The value of the stolen stash was reportedly around 1.47 trillion won, or more than $1.04 billion today.
Upbit hack investigation
According to a report from Seoul-based Yonhap News Agency, the investigation involved collaboration with the FBI, which identified North Korean IP addresses, virtual asset flow patterns and vocabulary traces as key evidence. Nearly 57% of the stolen Ethereum was converted to Bitcoin at discounted rates through exchanges controlled by North Korea, while the rest was laundered through 51 foreign exchanges.
South Korean police, with the help of Swiss prosecutors, recovered 4.8 bitcoins, worth about 600 million won, from a Swiss exchange and returned them to Upbit in October.
The authorities also noted,
“While there have been UN reports and announcements from foreign governments regarding the hacking of North Korea’s virtual assets, this is the first time a domestic investigative agency has officially confirmed it. “
After the November 2019 exploit, Upbit reportedly implemented various measures to prevent this from happening again, including distributing and operating hot wallets. Despite this, Dunamu, the platform’s operator, revealed that Upbit suffered over 159,000 hacking attempts in the first six months of 2023, representing an increase of 117% compared to 2022 figures and an astonishing 1,800% spike compared to the first half of 2020.
North Korea’s cyber war
North Korean hackers have long targeted South Korea for crypto-related crimes.
Last year, South Korean law enforcement reported that North Korean hackers were posing as government officials and journalists to deceive their victims. Using email phishing tactics, they managed to extract information from around 1,500 people between March and October. Most of the victims were in the private sector, while 57 were current or former government officials.
Binance Free $600 (CryptoPotato Exclusive): Use this link to create a new account and receive an exclusive $600 welcome offer on Binance (all details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to sign up and open a FREE $500 position on any coin!
