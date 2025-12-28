 Foreign hacker who stole $1.18 million in crypto assets extradited to Korea
Foreign hacker who stole $1.18 million in crypto assets extradited to Korea

Published: 28 Dec. 2025, 16:29 Updated: 28 Dec. 2025, 17:19
Officers from the National Office of Investigation (NOI) under the Korean National Police Agency raid the home of a foreign hacker who stole more than 1.7 billion won ($1.18 million) worth of virtual assets by installing malware that secretly altered wallet addresses [NATIONAL POLICE AGENCY]

A foreign hacker who stole more than 1.7 billion won ($1.18 million) worth of virtual assets by installing malware that secretly altered wallet addresses has been extradited to Korea.
 
The National Office of Investigation (NOI) under the Korean National Police Agency announced on Sunday that the 29-year-old Lithuanian national had been extradited from Georgia. The suspect is accused of stealing cryptocurrency from Korean and other international victims.
 

From April 2020 to January 2023, the suspect distributed malicious software called KMSAuto — disguised as a Microsoft Windows activation tool — approximately 2.8 million times worldwide.
 
The malware employed a so-called “memory hacking” technique, automatically replacing cryptocurrency wallet addresses with the hacker’s own during transactions conducted on infected computers.
 
The scheme targeted users who did not use licensed activation software.
 
Over 3,100 wallet addresses were infected, and cryptocurrencies were intercepted in more than 8,400 transactions, totaling about 1.7 billion won. Among the victims were eight Koreans, who lost a combined 16 million won.
 
Korean police launched an investigation in August 2020 after receiving a report from a user who said they had lost one bitcoin — worth approximately 12 million won at the time — due to a transaction being redirected to the wrong address.
 
A person holds a phone with a downward trend in the stock market in front of a screen displaying a Bitcoin logo on Dec. 5. [AFP/YONHAP]

Investigators traced the stolen assets across six countries, including through domestic cryptocurrency exchanges, and identified seven additional Korean victims.
 
After identifying the suspect, Korean police coordinated a joint operation with Lithuania’s Ministry of Justice, prosecutors and police in December last year. Authorities raided the suspect’s residence in Lithuania and seized 22 items, including mobile phones and laptops, under a search warrant.
 
To pursue prosecution in Korea, police requested a red notice from Interpol. Georgian police arrested the suspect upon the suspect's entry into the country in April.
 
Korean authorities requested his extradition from Georgia and, after a five-year and four-month investigation, succeeded in bringing him to Korea, where he was arrested pursuant to a court-issued warrant.
 
“The Korean police will pursue and arrest cybercriminals targeting Koreans from overseas through transnational cooperation,” said the National Police Agency.
 
“We will continue to respond firmly to borderless cybercrime through global law enforcement collaboration and extradition,” said Park Woo-hyun, head of cyber investigations at the National Police Agency.


This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JUNG SI-NAE [[email protected]]
