South Korean investigators revealed that the 2019 Upbit cryptocurrency heist, which involved the theft of $50 million in ETH, was carried out by North Korean hacking groups Lazarus and Andariel, linked to the ‘General Reconnaissance Office, which happens to be the first intelligence organization of the DPRK. .
Upbit, one of South Korea’s leading crypto exchanges, first reported the attack exactly five years ago. During the incident, 342,000 ETH, worth about $147 per Ether, was stolen from the exchange’s hot wallet. The stolen storage would have been worth about 1.47 trillion won, or more than $1.04 billion today.
Upbit Hack Research
According to a report by the Seoul-based Yonhap news agency, the investigation involved cooperation with the FBI, which identified North Korean IP addresses, virtual asset flow patterns and vocabulary traces as key evidence. Almost 57% of the stolen Ethereum was converted to Bitcoin at discounted rates through North Korean-controlled exchanges, while the rest was laundered through 51 foreign platforms.
South Korean police, with the help of Swiss prosecutors, recovered 4.8 bitcoins, worth an estimated 600 million won, from a Swiss exchange and returned them to Upbit in October.
Authorities also noted,
“While there have been reports from the UN and announcements from foreign governments about the virtual hacking of North Korean assets, this is the first time a domestic investigative agency has officially confirmed it.”
After the exploit in November 2019, Upbit is said to have implemented various measures to prevent it from happening again, including the distribution and operation of hot wallets. Despite this, Dunamu, the platform’s operator, revealed that Upbit experienced more than 159,000 hacking attempts in the first six months of 2023, which is a 117% increase from 2022 figures and a staggering 1,800% increase compared to the first semester of 2020.
North Korea’s Cyber War
North Korean hackers have a history of targeting South Korea for crypto-related crimes.
Last year, South Korean law enforcement reported that North Korean hackers posed as government officials and journalists to trick victims. Using email phishing tactics, they managed to extract information from approximately 1,500 people between March and October. Most of the victims were from the private sector, while 57 were current or former government officials.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
LIMITED OFFER for CryptoPotato Readers on Bybit – Use this link to register and open a FREE $500 position with any currency!
Bitcoin 
Ethereum 
Tether 
Solana 
BNB 
XRP 
Dogecoin 
USDC 
Lido Staked Ether 
Cardano 
TRON 
Avalanche 
Shiba Inu 
Wrapped Bitcoin 
Wrapped stETH 
Toncoin 
Sui 
Bitcoin Cash 
WETH 
Chainlink 
Pepe 
Polkadot 
Stellar 
LEO Token 
NEAR Protocol 
Litecoin 
Aptos 
Wrapped eETH 
Uniswap 
Cronos 
USDS 
Hedera 
Internet Computer 
Ethereum Classic 
Bonk 
Render 
Kaspa 
Bittensor 
POL (ex-MATIC) 
Ethena USDe 
WhiteBIT Coin 
MANTRA 
Dai 
Artificial Superintelligence Alliance 
dogwifhat 
Arbitrum 
Monero 
Stacks 
OKB 
Filecoin