North Korea Found Guilty of Over $41 Billion Ethereum Theft from Upbit
North Korea's past theft revealed by the South Korean police. Details reveal how the attackers orchestrated theft, which warns against state-sponsored criminals.
South Korea’s National Police Agency has confirmed North Korea involvement in one of the largest cryptocurrency thefts to date. The shocking revelation unveils that two North Korean hacker groups, Lazarus and Andariel, orchestrated the 2019 theft of 342,000 ETH from Upbit, a leading South Korean cryptocurrency exchange.
Moreover, at the time the stolen ETH was valued at 58 billion won, approximately $41 million. However, its value has skyrocketed to 1.47 trillion won ($1.1 billion) at current market rates.
It is the first time South Korean authorities have officially linked North Korea to a major virtual asset hacking incident, providing concrete evidence of the rogue nation’s growing reliance on cybercrime for revenue.
How North Korea Executed the Theft
The investigation, conducted in partnership with the FBI, identified critical evidence tying North Korea to the crime. Investigators traced North Korean IP addresses to the hack and found the phrase “Heulhan IL,” unique to North Korea, in the attacker’s software.
Notably, analysis showed that attackers converted 57% of the stolen Ethereum to Bitcoin through three cryptocurrency exchanges likely operated by North Korea. They exchanged the Bitcoin at a rate 2.5% below market price, enabling a rapid sale.
However, someone transferred the remaining Ethereum to 51 global cryptocurrency exchanges to launder it. Although most of the stolen assets remain unrecovered, investigators managed to retrieve 4.8 Bitcoin, valued at approximately 600 million won or $451,000, from a Swiss cryptocurrency exchange after proving its stolen origin.
Upbit Suffered from Elaborated Scheme
The incident reveals North Korea’s advanced cyber capabilities and its strategic use of cryptocurrencies to evade economic sanctions. Korea has established cryptocurrency exchanges specifically to lauder stolen digital assets, further complicating international recovery efforts.
This revelation emphasizes the need for global collaboration in fighting cybercrime and safeguarding digital assets. As North Korea continues exploiting vulnerabilities in the crypto ecosystem, exchanges and governments will adopt stronger security measures to prevent future attacks.
