South Korean police confirmed today, 21 November, that the North Korean cybercriminal groups Lazarus and Andariel masterminded the 2019 theft of 342,000 Ethereum (ETH) from the crypto exchange Upbit.
The stolen assets, initially valued at 58 billion Korean won (approximately USD 50 million), are now estimated to be worth more than USD 1 billion.
South Korea Confirmed the Lazarus Group Behind Upbit Hack
The investigation revealed that 57% of the stolen Ethereum was exchanged for Bitcoin through three cryptocurrency exchanges reportedly operated by North Korea. These trades occurred at a 2.5% discount. The rest of the ETH was laundered with the help of 51 foreign exchanges.
South Korea’s investigative efforts, supported by international cooperation, tracked the movement of these stolen assets. In October 2020, a portion of the stolen Bitcoin was identified at a cryptocurrency exchange in Switzerland.
After a lengthy process of proving the assets’ stolen origins, Swiss authorities recovered 4.8 Bitcoin, valued at approximately 600 million Korean won. These assets were returned to Upbit in October, marking a small but symbolic victory in the fight against cybercrime.
First Official Confirmation of North Korean Hacking
This case marks the first time South Korean authorities have explicitly confirmed North Korea’s involvement in cryptocurrency theft. While the United Nations and other global bodies have previously raised similar accusations, this official confirmation underscores the extent of North Korea’s cyber capabilities and its role in illicit financial activities.
The investigation relied on advanced techniques to link the attacks to North Korea. Authorities tracked cryptocurrency flows, analyzed IP addresses, and identified the use of the North Korean language in related communications. Material assistance from the U.S. Federal Bureau of Investigation (FBI) also played a pivotal role in uncovering key evidence.
Despite these revelations, the police have withheld specific details about the hacking methods, citing concerns over potential recurrence or imitation of the crimes.
Cryptocurrency and Cybercrime
The case highlights the growing role of cryptocurrency in global cybercrime. North Korea has increasingly relied on digital assets to fund its activities amid tightening international sanctions.
By exploiting cryptocurrency’s decentralized and relatively anonymous nature, groups like Lazarus and Andariel have conducted large-scale cyberattacks, targeting exchanges and individuals worldwide.
The use of multiple laundering techniques and international exchanges further complicates asset recovery. In this instance, stolen Ethereum was first converted into Bitcoin at a discounted rate and then distributed across several platforms. Some of the stolen funds remained dormant for years before being traced and recovered.
The Upbit case serves as a warning to cryptocurrency exchanges and users. It underscores the need for robust security measures and international collaboration in combating cybercrime.
This incident not only sheds light on North Korea’s role in the global hacking ecosystem but also emphasizes the need for vigilance and innovation in safeguarding digital assets.