South Korea Links $42M Upbit Crypto Heist To North Korea
South Korea confirmed that North Korean hacker groups were responsible for the high-profile theft of 342,00 Ethereum(ETH) from Upbit in 2019.
A 21 November 2024 announcement by the country’s National Investigation Headquarters revealed that a detailed probe was conducted in collaboration with international agencies, including the US Federal Bureau of Investigation (FBI).
🚨BREAKING $NEWS: SOUTH KOREA CONFIRMS NORTH KOREA STOLE $42M IN ETHER FROM @OFFICIAL_UPBIT pic.twitter.com/gRDIdHQEvi
— blockchaindaily.news (@blckchaindaily) November 21, 2024
The stolen funds, originally valued at 58 billion Won (approximately $42 million at the time), are now worth over $1.4 trillion won ($1 billion).
The confirmation of North Korea’s role in the Upbit hack adds to mounting evidence of the country’s strategic use of cybercrimes to fund its regime.
Tracing The Cyber Attack: Evidence Points To North Korea
The investigation into the 2019 Upbit hack revealed that the attack was orchestrated by two North Korean hacker groups. The groups Lazarus and Andariel operate under the Reconnaissance General Bureau.
Moreover, the stolen ETH was traced through North Korean-linked IP addresses, laundering activities and linguistic analysis of hacking tools.
Supposedly, the hackers had infiltrated Upbit’s systems in November 2019. They transferred 342,000 ETH from the exchange’s hot wallet to unidentified accounts.
Furthermore, authorities highlighted multiple pieces of evidence linking the attack to North Korea. Forensic analysis revealed the use of North Korean-specific vocabulary, such as the term “Heulhan Il” (translated as “unimportant matter”), found on the attacker’s devices.
North Korea is behind the largest Cyberhacks ever.
Now they have their eyes set on the Crypto industry.
They've exploited
• Ronin Bridge for $625m
• Harmony Bridge for $100mHow did one of the poorest & most isolated nations develop an army of hackers?
It's a wild story: pic.twitter.com/jaFRcmZXFj
— Edgy – The DeFi Edge 🗡️ (@thedefiedge) July 7, 2022
Additionally, the laundering of the stolen ETH was traced to three cryptocurrency exchanges believed to be operated by North Korean entities. The ETH was exchanged for Bitcoin at a discount of 2.5% below market rates. However, the remaining funds were spread across 51 international exchanges, complicating recovery efforts.
Notably, South Korean police, in collaboration with Swiss prosecutors, managed to recover 4.8 Bitcoin in October 2024. This is equivalent to 600 million won.
However, this fund recovery remains only a small portion of the total assets stolen.
EXPLORE: Massive Crypto Scam In India Exposes $2.8 Million Fraud: Here’s What Happened
Strengthening Investor Protection With VAUPA Framework
In July 2023, The Virtual Asset User Protection Act (VAUPA), South Korea’s first comprehensive law regulating cryptocurrency trading, introduced stringent measures to safeguard investors and ensure market integrity. This came into effect on 19 July 2024.
Reportedly, the framework is aimed at curbing unfair trading practices that plagued the country’s rapidly growing digital asset market.
Meanwhile, Dunamu the operator of South Korea’s largest cryptocurrency exchange Upbit, has been at the forefront of compliance. It introduced an enhanced monitoring system incorporating advanced data analytics and integrated market analysis tools.
Industry experts stress that the “order book information loading system” is at the core of monitoring. “With the enactment of the VAUPA, it will become even more crucial for exchanges to prove their compliance capabilities,” a Dunamu official highlighted.
VAUPA was apparently driven by the fallout from a significant industry crisis involving Terraform Labs and its South Korean founder, Do Kwon.
The collapse of Terra in May 2022, which wiped out over $450 billion in market value had highlighted critical regulatory gaps in the crypto ecosystem. This pushed South Korean lawmakers to act swiftly.
Hence, South Korea introduced measures to enhance investor protections and strengthen oversight in the crypto market.
EXPLORE: South Korean Authorities Uncover $232M Crypto Fraud, YouTube Star In Spotlight
North Korea’s Expanding Cyber Operations
According to local news this is the first time that North Korea’s direct involvement in such a cyber-hack has been confirmed. However, global organizations like the United Nations (UN) have long reported on the country’s cyber operations.
In May 2024, the UN suspected that North Korea had carried out at least 97 cyberattacks targeting cryptocurrency firms. Between 2017 and 2024, the hackers amassed an estimated $3.6 billion.
Around 57% of the stolen Ethereum was funnelled through North Korean-controlled platforms to evade detection. The rest was reportedly laundered through a complex network of exchanges globally.
Investigators noted that some of the funds were converted into Bitcoin in 2020. Moreover, they were stored in Switzerland. This highlights North Korea’s ability to adapt and exploit international financial systems.
Disclaimer: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.
99Bitcoins may receive advertising commissions for visits to a suggested operator through our affiliate links, at no added cost to you. All our recommendations follow a thorough review process.
Free Bitcoin Crash Course
Learn everything you need to know about Bitcoin in just 7 days. Daily videos sent straight to your inbox.