Key Takeaways
South Korean authorities have officially linked North Korean hackers to the November 2019 hack of Upbit, the country’s largest crypto exchange.
The breach saw the theft of 342,000 Ether (ETH), which was worth $50 million at the time and is now valued at over $1 billion.
The attack, orchestrated by the infamous Lazarus Group and other North Korean state-affiliated hacking teams, marked the first confirmed instance of North Korean involvement in a South Korean crypto heist.
The Upbit hack was a watershed moment for South Korea’s crypto industry. Upbit, which commands over 70% of the country’s crypto market share, suffered a significant blow when its hot wallet was compromised.
At the time of the hack, ETH was trading at $147.
North Korean hackers had previously targeted international crypto platforms, but the Upbit breach was their first recorded attack on a South Korean exchange.
Investigators traced the stolen assets using IP addresses, virtual asset flow analysis, and linguistic patterns unique to North Korea’s Lazarus Group. Collaboration with the FBI and other global agencies further solidified the case.
Nearly 57% of the stolen crypto was converted to Bitcoin (BTC) at a reduced price across three exchanges. The remaining 43% was laundered through 51 international exchanges, adding layers of obfuscation.
After years of coordinated effort, South Korean authorities recovered 600 million won (approximately $428,000) worth of BTC.
The funds were traced to Switzerland-based platforms, highlighting the importance of global collaboration in combating crypto-related cybercrime.
“This case is a result created through long-term, organic cooperation with a number of related organizations,” the National Office of Investigation stated.
Authorities now plan to enhance international coordination to tackle future threats.
The Lazarus Group and similar outfits have refined their methods over the years, targeting prominent crypto platforms worldwide. In one instance, the group was linked to a $230 million hack of India’s WazirX exchange.
Despite international sanctions and efforts to shut down their operations, North Korean hackers persistently develop new techniques to exploit crypto vulnerabilities.
Reports estimate that these groups have stolen over $3 billion in crypto over the past seven years, with much of it funding North Korea’s nuclear weapons program.