South Korea Unveils North Korea’s Role in Upbit Hack
South Korea confirmed that North Korea was behind the theft of 342,000 Ethereum (ETH) tokens, according to local media reports. Around 58 billion won ($41.5 million) worth of loot was stolen from the Upbit cryptocurrency exchange in 2019.
The stolen coins are currently worth 1.47 trillion won, making it one of North Korea’s largest cryptocurrency thefts.
North Korea’s involvement discovered
according to ReportThe National Investigation Headquarters of the South Korean National Police Agency announced on November 21 that two North Korean hacker groups, Lazarus and Andariel, planned the attack. Both organizations are affiliates of North Korea’s Reconnaissance Service, a state agency associated with cyberespionage and financial crime.
Investigators rely on a combination of digital forensics, including tracking IP addresses and analyzing stolen traffic cryptocurrency. The investigation also found linguistic traces of North Korean vocabulary.
Another local South Korean media said, “It was revealed that traces of the Korean word ‘Heulhan Il’ (meaning ‘unimportant things’) were found on the computers used in the attack.” Confirmed.
This linguistic fingerprint, along with other technical evidence, strengthens the case against North Korea. According to reports, the US Federal Bureau of Investigation (FBI) police also assisted in the investigation. They provided more evidence linking the attack to North Korea.
After the theft, the perpetrators converted 57% of the stolen ether into bitcoin on three cryptocurrency exchanges believed to be operated by North Korea. The deals were priced at 2.5% below market value, presumably to speed up the sale. They then distributed the remaining ether to 51 overseas exchanges and laundered it to obscuring its origins.
In 2020, a Swiss cryptocurrency exchange discovered some of the stolen cryptocurrencies. After four years of trying to prove its origin to Swiss prosecutors, South Korean authorities recovered 4.8 Bitcoin (Bitcoin), worth about 600 million won. The recovered funds were subsequently returned to Upbit in October 2024.
North Korea Concerns and Upbit’s Dilemma
At the same time, North Korea’s involvement in cryptocurrency crimes is not new. After a series of reports, Authorities note shift in strategy. As BeInCrypto recently reported, hackers linked to the regime are increasingly targeting cryptocurrency companies using sophisticated methods. The most popular techniques include phishing campaigns and supply chain attacks.
“This campaign, which we refer to as ‘Hidden Risk,’ uses email to spread fake news about cryptocurrency trends, infecting targets through malicious applications disguised as PDF files,” a recent report read.
This change in strategy highlights the urgency for increased cybersecurity measures across the industry. Still, the confirmation of North Korea’s involvement in the 2019 Upbit hack marks a significant development.
Although United Nations (The United Nations) and foreign governments have previously accused North Korea of stealing cryptocurrencies to fund its weapons programs, and this is the first time South Korean authorities have officially linked the regime to a major cryptocurrency theft. The incident highlights the twin vulnerabilities faced by the cryptocurrency industry.
First, external threats from state-sponsored hackers; second, internal risks associated with insufficient regulatory compliance. Regarding the latter, as BeInCrypto reported, South Korea’s Financial Intelligence Unit recently cited concerns about insufficient user verification systems. Specifically, the unit Over 600,000 potential KYC violations flagged Upbit, South Korea’s largest cryptocurrency exchange.
The massive KYC breach discovered by Upbit raises questions about whether the exchange is doing enough to prevent illegal activity. Increased regulation, coupled with stricter enforcement of anti-money laundering (AML) measures, can help deter future attacks and ensure a safer trading environment for investors.
The exchange also faces Korea Fair Trade Commission antitrust investigationis reviewing potential abuse of dominant market position.
Disclaimer
follow trust project BeInCrypto is committed to fair and transparent reporting. This news article is designed to provide accurate and timely information. However, readers are advised to independently verify the facts and consult a professional before making any decisions based on the content of this article. Please note that our terms and Conditions, privacy policyand Disclaimer Updated.
