South Korean officials have identified North Korea’s famed hacker gangs Lazarus and Andariel as responsible for the 2019 Upbit cryptocurrency exchange breach. The attack resulted in the theft of 342,000 Ether (ETH), worth $50 million at the time. The stolen cryptocurrency is now worth more than $1 billion due to Ethereum’s rising value.
Investigators from South Korea’s National Office of Investigation worked with other agencies, including the FBI, to determine the source of the attack. They investigated digital trails, such as IP addresses and blockchain transaction patterns, and linked the crime to North Korean perpetrators.
The stolen ETH was mostly liquidated, with 57% sold on exchanges allegedly run by North Koreans. The remaining funds were dispersed and laundered across more than 50 international sites, complicating recovery attempts.
This is the first time South Korean police have conclusively linked a cryptocurrency hack to North Korea. Officials withheld information about the specific hacking techniques to avoid future copycat crimes, but stressed the attackers’ technical methods.
The attack occurred in November 2019 and targeted Upbit’s hot wallet, which held operational funds. At the time, Ethereum was valued at around $147 per coin. Upbit promptly reported the intrusion and instituted safeguards to prevent future incidents.
The Lazarus Group, known for high-profile cybercrimes including the Axie Infinity Ronin Network theft and the Sony Pictures hack, has established itself as one of the world’s most skilled and dangerous hacker teams.
During the hack investigation, Upbit was subjected to regulatory scrutiny for suspected Know Your Customer (KYC) violations. Authorities reported more than 600,000 instances of improper user verification, raising concerns about the exchange’s compliance standards. Penalties for these infractions could amount to $71,500 per case, threatening Upbit’s business license renewal.
This case shows the growing convergence of cybercrime, cryptocurrencies, and geopolitics, as countries contend with the global consequences of digital asset theft. The ongoing investigations into North Korea’s cyber operations highlight the urgent need for stronger cybersecurity and regulatory measures in the cryptocurrency industry.