South Korean authorities have officially identified North Korean hackers as the perpetrators of a major Ethereum heist in 2019, marking a significant breakthrough in the investigation.
The stolen cryptocurrency, valued at 58 billion won (approximately $55.7 million) at the time, was traced to North Korea’s Reconnaissance General Bureau, a military intelligence agency. The hackers reportedly infiltrated a South Korea-based exchange to execute the theft.
Detailing the Hack and the Coordinated Efforts Behind Uncovering the Perpetrators
The National Police Agency revealed that the attackers stole 342,000 Ethereum tokens, now valued at over 1.4 trillion won (approximately $1.05 billion), making this one of the most notable crypto thefts on record.
While the specific exchange targeted was not disclosed, Upbit, a leading South Korean exchange, had reported a similar loss in Ethereum to an unidentified wallet in 2019.
The hackers laundered over half of the stolen funds through three self-operated crypto exchanges, offering discounts to convert the assets into Bitcoin. The remaining Ethereum was dispersed across 51 other exchanges globally.
According to the report, the investigation involved cooperation between South Korean authorities and the US Federal Bureau of Investigation (FBI), which used advanced techniques to track Internet Protocol (IP) addresses and the movement of stolen assets.
This marks the first time South Korea has definitively linked a crypto exchange cyberattack to North Korea. Local media outlets attributed the operation to the notorious Lazarus and Andariel hacker groups, both tied to North Korea’s Reconnaissance General Bureau.
Hackers: A Persistent Threat to the Crypto Industry
Notably, this is not the first time North Korean hackers have been linked to significant hacking incidents. Over the past years, this group has gained notoriety for targeting cryptocurrency exchanges and financial platforms to fund their country’s operations.
While authorities do make efforts to recover stolen funds, these notorious hackers remain a persistent threat to the crypto industry. Recently, the United Nations flagged North Korea’s involvement in numerous cyberattacks on cryptocurrency platforms.
According to a UN panel report from May, the regime is suspected of orchestrating roughly 97 crypto hacks between 2017 and 2024, collectively valued at $3.6 billion.
These activities are believed to play a major role in funding North Korea’s missile and nuclear programs, highlighting the broader geopolitical implications of these crimes.
Despite the coordinated efforts of authorities and platforms to curb their attacks, the hackers have been quite resilient. Just last month, this same hacking group stole roughly $3 billion worth of cryptocurrency from users by “devising a fake blockchain game.”
According to reports, the operation behind this theft was conducted by the North Korean hackers over six years, from 2016 to 2022.