North Korea confirmed perpetrator of 2019 Upbit crypto theft



A Korean National Police Agency diagram shows how North Korean hacker groups laundered the cryptocurrency they stole from South Korean exchange Upbit in 2019. [KOREAN NATIONAL POLICE AGENCY]

 
A hacking incident five years ago in which 58 billion won ($41.5 million) in cryptocurrency was stolen from a South Korean exchange has been confirmed to have been perpetrated by North Korea.
 
The South Korean National Police Agency announced Thursday that North Korean hacker groups Lazarus and Andariel were involved in the theft of 342,000 Ethereum tokens from the cryptocurrency exchange Upbit in November 2019.
 

The stolen assets are now worth 147 billion won.
 
Police deduced that North Korea was behind the theft by analyzing North Korean IP addresses, cryptocurrency transaction records, linguistic traces of North Korean terminology and evidence obtained in cooperation with the U.S. Federal Bureau of Investigation.
 
Although there have been UN reports and statements by foreign governments about North Korea’s cryptocurrency-hacking activities, this marks the first time a domestic investigative agency has officially confirmed such involvement.
 
According to police, 57 percent of the stolen assets were exchanged for Bitcoin at a price 2.5 percent below the market price through three exchange sites. These sites are also suspected of having been created by North Korea.
 
The rest of the stolen cryptocurrency was laundered through 51 overseas exchanges across 13 countries, including the United States and China.
 
Police were unable to confirm how the stolen 58 billion won was ultimately utilized. Most overseas exchanges reportedly did not respond to requests from South Korean police to return the misappropriated cryptocurrency.
 
However, police confirmed that a portion of the misappropriated cryptocurrency was stored in a cryptocurrency exchange based in Switzerland. After providing evidence to the Swiss prosecution, the police, in cooperation with the prosecution and the Ministry of Justice, pursued mutual legal assistance in criminal matters with Switzerland.
 
A screenshot of a cryptocurrency website that North Korean hacker groups used to launder the Ethereum coins they stole from South Korean exchange Upbit in 2019 [KOREAN NATIONAL POLICE AGENCY]

 
Last month, police eventually recovered approximately 4.8 Bitcoin tokens, valued at around 600 million won. The recovered cryptocurrency was then returned to Upbit.
 
While this is the first confirmed instance of North Korea targeting a domestic exchange, its hacking organizations have long been known in the international community for stealing virtual assets.
 
In July, India's largest cryptocurrency exchange suffered over $200 million in damages due to an external attack, with Lazarus identified as the main culprit.
 
Around the same time, a Japanese cryptocurrency exchange lost $35 million in a theft also suspected to have been carried out by Lazarus.
 
According to a report published in March by the UN Security Council Sanctions Committee on North Korea, the state was estimated to have stolen about $3 billion through cyberattacks on cryptocurrency-related businesses from 2017 to 2023, with investigations ongoing into 58 suspected cases.
 
In the past, North Korea secured foreign currency through legitimate means such as trade and the export of labor overseas. However, these avenues have been largely blocked by international sanctions.
 
In addition to Lazarus and Andariel, other well-known North Korean hacking groups include Kimsuky and APT38, all of which are linked to the Reconnaissance General Bureau, North Korea's military intelligence agency.
 
“We will do our best not only in investigating the methods and perpetrators of cyberattacks, but also preventing harm and helping with recovery,” said the police.

BY KIM MIN-YOUNG