Key Takeaways
- Reportedly, the hackers sold about 57% of the stolen ETH on exchanges potentially operated by North Korean entities.Â
- The stolen ETH now valued above $1 Billion
South Korean authorities have officially confirmed that North Korean hacker groups Lazarus and Andariel were responsible for the 2019 hack of South Korea-based crypto exchange Upbit. Â
The National Office of Investigation announced on November 21 that the hack, which resulted in the theft of 342,000 Ether (ETH), was carried out by these two groups. At the time of the theft, the stolen ETH was valued at approximately $50 million, but with Ether’s value surging since then, the stolen amount would now exceed $1 billion.
The investigation into the hack took five years, with authorities tracking cryptocurrency flows and IP addresses. Additionally, they analyzed the use of the North Korean language and utilized information from the U.S. Federal Bureau of Investigation (FBI) to help confirm North Korea’s involvement. The confirmation marks the first time that a South Korean investigative agency has publicly acknowledged the role of North Korea in a crypto theft.
In the aftermath of the breach, it is believed that the hackers sold about 57% of the stolen ETH on exchanges potentially operated by North Korean entities. The remaining funds were reportedly laundered through 51 foreign exchanges. However, South Korean police have withheld details about the methods used in the attack, citing concerns about potential imitation attacks.
The Upbit hack initially occurred on November 27, 2019, when the exchange reported that its hot wallet had been compromised. The stolen Ether, valued at around $147 per coin at the time, amounted to $50 million. Since then, ETH’s value has increased significantly, making the theft far more valuable today.
The announcement comes amid ongoing scrutiny of Upbit’s operations. In November 2023, South Korea’s Financial Intelligence Unit discovered over 600,000 potential violations of Know Your Customer (KYC) regulations while reviewing the exchange’s business license renewal.Â
This development also follows recent FBI investigations that linked Lazarus and APT38, two North Korean hacking groups, to other high-profile crypto thefts, including the theft of over $40 million in Bitcoin earlier this year. An FBI investigation has alerted users of North Korean threat actors that may attempt malicious cyber activities against companies associated with crypto ETFs or other crypto-related financial products.
