North Korea confirmed perpetrator of 2019 Upbit crypto theft
Update: 2024-11-21
Description
This article is by Kim Min-young and read by an artificial voice.
A hacking incident five years ago in which 58 billion won ($41.5 million) in cryptocurrency was stolen from a South Korean exchange has been confirmed to have been perpetrated by North Korea.
The South Korean National Police Agency announced Thursday that North Korean hacker groups Lazarus and Andariel were involved in the theft of 342,000 Ethereum tokens from the cryptocurrency exchange Upbit in November 2019.
The stolen assets are now worth 147 billion won.
Police deduced that North Korea was behind the theft by analyzing North Korean IP addresses, cryptocurrency transaction records, linguistic traces of North Korean terminology and evidence obtained in cooperation with the U.S. Federal Bureau of Investigation.
Although there have been UN reports and statements by foreign governments about North Korea's cryptocurrency-hacking activities, this marks the first time a domestic investigative agency has officially confirmed such involvement.
According to police, 57 percent of the stolen assets were traded off for Bitcoin at a price 2.5 percent lower than market price through three exchange sites. These sites are also suspected of being created by North Korea.
The rest of the stolen cryptocurrency was laundered through 51 overseas exchanges across 13 countries, including the United States and China.
Police were unable to confirm how the stolen 58 billion won was ultimately utilized. Most overseas exchanges reportedly did not respond to requests from South Korean police to return the misappropriated cryptocurrency.
However, police confirmed that a portion of the misappropriated cryptocurrency was stored in a cryptocurrency exchange based in Switzerland. After providing evidence to the Swiss prosecution, the police, in cooperation with the prosecution and the Ministry of Justice, pursued mutual legal assistance in criminal matters with Switzerland.
Last month, police eventually recovered approximately 4.8 Bitcoin tokens, valued at around 600 million won. The recovered cryptocurrency was then returned to Upbit.
While this is the first confirmed instance of North Korea targeting a domestic exchange, its hacking organizations have long been known in the international community for stealing virtual assets.
In July, India's largest cryptocurrency exchange suffered over $200 million in damages due to an external attack, with Lazarus identified as the main culprit.
Around the same time, a Japanese cryptocurrency exchange lost $35 million in a theft also suspected to have been carried out by Lazarus.
According to a report published in March by the UN Security Council Sanctions Committee on North Korea, the state was estimated to have stolen about $3 billion through cyberattacks on cryptocurrency-related businesses from 2017 to 2023, with investigations ongoing into 58 suspected cases.
In the past, North Korea secured foreign currency through legitimate means such as exporting overseas labor and trade. However, these avenues have been largely blocked by international sanctions.
In addition to Lazarus and Andariel, other well-known North Korean hacking groups include Kimsuky and APT38, all of which are linked to the Reconnaissance General Bureau, North Korea's military intelligence agency.
"We will do our best not only in investigating the methods and perpetrators of cyberattacks, but also preventing harm and helping with recovery," said the police.
A hacking incident five years ago in which 58 billion won ($41.5 million) in cryptocurrency was stolen from a South Korean exchange has been confirmed to have been perpetrated by North Korea.
The South Korean National Police Agency announced Thursday that North Korean hacker groups Lazarus and Andariel were involved in the theft of 342,000 Ethereum tokens from the cryptocurrency exchange Upbit in November 2019.
The stolen assets are now worth 147 billion won.
Police deduced that North Korea was behind the theft by analyzing North Korean IP addresses, cryptocurrency transaction records, linguistic traces of North Korean terminology and evidence obtained in cooperation with the U.S. Federal Bureau of Investigation.
Although there have been UN reports and statements by foreign governments about North Korea's cryptocurrency-hacking activities, this marks the first time a domestic investigative agency has officially confirmed such involvement.
According to police, 57 percent of the stolen assets were traded off for Bitcoin at a price 2.5 percent lower than market price through three exchange sites. These sites are also suspected of being created by North Korea.
The rest of the stolen cryptocurrency was laundered through 51 overseas exchanges across 13 countries, including the United States and China.
Police were unable to confirm how the stolen 58 billion won was ultimately utilized. Most overseas exchanges reportedly did not respond to requests from South Korean police to return the misappropriated cryptocurrency.
However, police confirmed that a portion of the misappropriated cryptocurrency was stored in a cryptocurrency exchange based in Switzerland. After providing evidence to the Swiss prosecution, the police, in cooperation with the prosecution and the Ministry of Justice, pursued mutual legal assistance in criminal matters with Switzerland.
Last month, police eventually recovered approximately 4.8 Bitcoin tokens, valued at around 600 million won. The recovered cryptocurrency was then returned to Upbit.
While this is the first confirmed instance of North Korea targeting a domestic exchange, its hacking organizations have long been known in the international community for stealing virtual assets.
In July, India's largest cryptocurrency exchange suffered over $200 million in damages due to an external attack, with Lazarus identified as the main culprit.
Around the same time, a Japanese cryptocurrency exchange lost $35 million in a theft also suspected to have been carried out by Lazarus.
According to a report published in March by the UN Security Council Sanctions Committee on North Korea, the state was estimated to have stolen about $3 billion through cyberattacks on cryptocurrency-related businesses from 2017 to 2023, with investigations ongoing into 58 suspected cases.
In the past, North Korea secured foreign currency through legitimate means such as exporting overseas labor and trade. However, these avenues have been largely blocked by international sanctions.
In addition to Lazarus and Andariel, other well-known North Korean hacking groups include Kimsuky and APT38, all of which are linked to the Reconnaissance General Bureau, North Korea's military intelligence agency.
"We will do our best not only in investigating the methods and perpetrators of cyberattacks, but also preventing harm and helping with recovery," said the police.
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel