The South Korean police have confirmed that 342,000 Ethereum (ETH) was stolen from the Upbit cryptocurrency exchange by the North Korean hacking groups Lazarus and Andariel. The theft, initially valued at around $41.5 million, is now worth over $1 billion due to market increases. This marks the first time a South Korean investigative body has directly attributed such a large-scale cryptocurrency theft to North Korea.
The investigation involved blockchain analysis, IP address tracking, and unique traces such as the use of North Korean vocabulary in the deployed malware. The FBI also supported the investigation, highlighting its global nature. The stolen Ethereum was laundered through various means, with 57% converted into Bitcoin via North Korean-operated exchanges at discounted rates.
The remainder was distributed across 51 international exchanges, making it difficult to trace. South Korean authorities, in collaboration with Swiss prosecutors, managed to recover 4.8 Bitcoin (valued at around 600 million won today) from a Swiss exchange after years of legal efforts.
The Lazarus Group is a cybercrime organization connected to the North Korean government, known for its wide-ranging cyber activities since at least 2009. The group’s operations are believed to fund North Korea’s nuclear and weapons programs, circumventing international sanctions. Andariel, a subdivision of Lazarus, focuses on financial cyberattacks, particularly targeting banks, ATMs, and cryptocurrency platforms.
The group’s operations are a critical part of North Korea’s efforts to generate illicit revenue to bypass international sanctions. The South Korean police’s findings highlight the sophisticated and persistent nature of North Korea’s cybercrime activities, emphasizing the critical need for global cooperation in addressing such threats.