South Korea Confirms North Korea Stole 342,000 ETH From Upbit in 2019

According to local media reports, South Korea has confirmed that North Korea is behind the theft of 342,000 Ethereum (ETH). The stolen assets, worth around 58 billion Won or $41.5 million in 2019, were taken from the cryptocurrency exchange Upbit. The stolen tokens, currently valued at 1.47 trillion Won, represent one of the largest cryptocurrency thefts allegedly carried out by North Korea. The National Police Agency's National Investigation Headquarters announced on November 21 that two North Korean hacker groups, Lazarus and Andariel, orchestrated the attack. Both groups are branches of North Korea's Reconnaissance General Bureau, a state agency involved in cyber espionage and financial crimes. Investigators relied on a combination of digital forensics, including IP address tracking and analysis of the stolen cryptocurrency flows. The investigation also identified traces of North Korean vocabulary. After the theft, the perpetrators converted 57% of the stolen Ethereum into Bitcoin on three cryptocurrency exchanges believed to be operated by North Korea. These transactions occurred at prices 2.5% lower than the market rate, likely to expedite the sales. They then distributed the remaining Ethereum across 51 foreign exchanges and laundered the money to conceal the origin. In 2020, some of the stolen cryptocurrency was identified at a Swiss cryptocurrency exchange. After four years of efforts to prove the origin to Swiss prosecutors, South Korean authorities recovered 4.8 Bitcoin (BTC), worth around 600 million Won, which was returned to Upbit in October 2024. North Korea's involvement in cryptocurrency crimes is not a new phenomenon. Authorities have noted a shift in tactics, with hackers associated with the regime increasingly targeting cryptocurrency companies with sophisticated methods, including phishing campaigns and supply chain attacks. The confirmation of North Korea's involvement in the Upbit hack in 2019 marks an important development. While the United Nations (UN) and foreign governments have previously accused North Korea of funding its weapons programs through cryptocurrency theft, this is the first time South Korean authorities have officially linked the regime to a major cryptocurrency heist. This incident highlights the dual threats facing the cryptocurrency industry: external threats from state-sponsored hackers and internal risks related to inadequate regulatory compliance. The latter issue is exemplified by the recent discovery of over 600,000 KYC violations at Upbit, South Korea's largest cryptocurrency exchange, by the Korea Financial Intelligence Unit. The detection of these widespread KYC violations at Upbit raises questions about the exchange's efforts to prevent illicit activities. Strengthening oversight and rigorously enforcing anti-money laundering (AML) measures could help prevent future attacks and ensure a safer trading environment for retail investors. Upbit is also facing an antitrust investigation by the Korea Fair Trade Commission, which is examining potential abuse of market dominance.