According to local media, South Korea confirmed that North Korea was behind the theft of 342,000 Ethereum (ETH) tokens. The 2019 loot, worth approximately 58 billion Won or $41.5 million, was stolen from the Upbit crypto exchange.
The stolen tokens, now valued at 1.47 trillion Won, represent one of the largest cryptocurrency heists attributed to North Korea.
North Korea’s Involvement Uncovered
Per the report, the National Investigation Headquarters of South Korea’s National Police Agency announced on November 21 that two North Korean hacking groups, Lazarus and Andariel, orchestrated the attack. Both groups are known affiliates of North Korea’s Reconnaissance General Bureau, a state agency linked to cyber espionage and financial crimes.
Investigators relied on a combination of digital forensics techniques, including tracking IP addresses and analyzing the flow of stolen cryptocurrencies. The probe also identified linguistic traces of North Korean vocabulary.
“It was revealed that traces of the North Korean term ‘Heulhan Il’ (a word meaning ‘unimportant matter’) were found on the computer used in the attack at the time,” another local Korean media outlet corroborated.
This linguistic fingerprint, alongside other technical evidence, strengthened the case against North Korea. According to the report, the US Federal Bureau of Investigation (FBI) also aided the investigation, providing additional evidence linking the attack to North Korea.
Following the theft, the perpetrators exchanged 57% of the stolen Ethereum for Bitcoin on three cryptocurrency exchanges believed to be operated by North Korea. These transactions happened at prices 2.5% below market value, presumably to expedite the sale. They then distributed the remaining Ethereum across 51 overseas exchanges and laundered it to obscure its origins.
In 2020, some of the stolen cryptocurrency was identified at a Swiss crypto exchange. After a four-year effort to prove its source to Swiss prosecutors, South Korean authorities recovered 4.8 Bitcoin (BTC), worth around 600 million won. The recovered funds were later returned to Upbit in October 2024.
Concerns Over North Korea and Upbit Woes
Meanwhile, North Korea’s involvement in cryptocurrency crimes is not new. After a series of reports, authorities have noted a shift in tactics. As BeInCrypto reported recently, hackers linked to the regime are increasingly targeting crypto firms with sophisticated methods. Among the most prevalent techniques are phishing campaigns and supply chain attacks.
“The campaign, which we dubbed ‘Hidden Risk’, uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file,” a recent report read.
This change of tack highlights the urgency for heightened cybersecurity measures across the industry. Nonetheless, the confirmation of North Korea’s involvement in the 2019 Upbit hack marks a significant development.
While the United Nations (UN) and foreign governments have previously accused North Korea of funding its weapons programs through crypto theft, this is the first time South Korean authorities have officially linked the regime to a major cryptocurrency heist. The incident highlights the dual vulnerabilities facing the cryptocurrency industry: first, external threats from state-sponsored hackers and, second, internal risks tied to inadequate regulatory compliance.
On the latter, as BeInCrypto reported, South Korea’s Financial Intelligence Unit recently cited concerns about inadequate user verification systems. Specifically, the unit flagged over 600,000 potential KYC violations at Upbit, South Korea’s largest cryptocurrency exchange.
The discovery of mass KYC violations at Upbit raises questions about whether exchanges are doing enough to prevent illicit activities. Improved oversight, combined with stricter enforcement of anti-money laundering (AML) measures, could help deter future attacks and ensure a safer trading environment for investors.
The exchange is also facing an antitrust investigation by South Korea’s Fair Trade Commission, which is examining potential abuses of market dominance.