South Korean authorities have officially confirmed that North Korean hacker groups were responsible for the $50 million cryptocurrency theft from Upbit, a South Korean-based cryptocurrency exchange, in 2019. On November 21, the National Office of Investigation released a statement identifying North Korean hacker groups Lazarus and Andariel as the perpetrators behind the hack. These groups are well-known for their cybercriminal activities and involvement in large-scale cyberattacks.
The theft occurred in November 2019, when 342,000 Ether (ETH) was stolen from Upbit’s hot wallet. At the time of the hack, the value of Ether was approximately $147 per coin, meaning the total amount stolen amounted to around $50 million. However, with the recent surge in the price of Ether and Bitcoin, the value of the stolen funds would exceed $1 billion today, highlighting the scale of the attack and its potential long-term impact.
Tracking North Korea’s Involvement
The confirmation from South Korea marks the first time a South Korean investigative agency has officially acknowledged North Korea’s involvement in a cryptocurrency hack. According to reports from South Korea’s Yonhap News, the country’s investigators were able to confirm North Korea’s role by tracing crypto flows, IP addresses, and analyzing linguistic patterns consistent with North Korean cyber groups. In addition, the U.S. Federal Bureau of Investigation (FBI) provided crucial assistance, sharing intelligence that helped solidify the link to North Korean hacking groups.
The investigators also withheld specific details about the hacking techniques employed by the attackers, likely to avoid encouraging copycat attacks or revealing too much about their investigation methods. Despite this, the authorities made it clear that Lazarus and Andariel were directly responsible for orchestrating the breach.
Following the breach, it is believed that the attackers sold approximately 57% of the stolen Ether on exchanges that are reportedly operated by North Korean entities. The remaining stolen funds were laundered through 51 overseas cryptocurrency exchanges, further complicating the efforts to track and recover the assets. These exchanges, many of which are outside South Korean jurisdiction, present significant challenges for investigators, making it difficult to trace the stolen funds.
South Korean Authorities Investigate Upbit for KYC Violations
The investigation into Upbit’s security breach follows another recent probe into the exchange. On November 14, the Financial Intelligence Unit (FIU) of South Korea’s Financial Services Commission (FSC) uncovered potential Know Your Customer (KYC) violations by Upbit, the exchange in question. According to the FIU’s findings, as many as 600,000 KYC violations were identified while reviewing Upbit’s business license renewal application.
The FIU flagged the issue during a routine compliance check. The alleged violations involved the exchange accepting blurry or incomplete identification cards from users, which made it difficult for regulators to verify their identities properly. This oversight raises serious concerns about the exchange’s ability to meet regulatory requirements, especially considering the growing importance of KYC measures in preventing money laundering and other illicit activities in the cryptocurrency industry.
The discovery of these KYC violations could have serious consequences for Upbit, as the exchange may face fines and additional regulatory scrutiny. The violations could result in fines of up to $71,500 per case, which would add up to a significant financial burden for the exchange if all 600,000 potential violations are confirmed. Moreover, these findings could complicate Upbit’s efforts to renew its business license, further exacerbating the challenges the exchange is facing in South Korea.
The KYC issue compounds the reputational damage caused by the 2019 hack, leaving Upbit under heightened regulatory and public scrutiny. This latest investigation raises questions about the exchange’s ability to adhere to local laws and international standards for cryptocurrency exchanges.
| Event | Date | Key Details |
|---|---|---|
| Upbit Hack | November 2019 | $50 million worth of Ether stolen from Upbit’s hot wallet |
| Confirmation of North Korean Involvement | November 21, 2024 | Lazarus and Andariel groups confirmed as perpetrators |
| Surge in Ether’s Value | 2024 | Stolen Ether now worth over $1 billion due to price increase |
| KYC Violations at Upbit | November 14, 2024 | 600,000 potential KYC violations identified by Financial Intelligence Unit |
The confirmation of North Korean involvement in the Upbit hack is an important development in the ongoing investigation. It underscores the increasing sophistication of cyberattacks in the cryptocurrency space, particularly from state-sponsored actors. Despite the challenges faced by South Korean authorities in recovering the stolen funds, the identification of the perpetrators offers a sense of progress in what has been a difficult investigation.
The theft of over $50 million in crypto by North Korean hackers is a stark reminder of the vulnerabilities within the cryptocurrency industry. While the blockchain’s security mechanisms are generally strong, the exchange platforms themselves remain attractive targets for cybercriminals, particularly those backed by powerful nation-states. This event may also serve as a wake-up call for other exchanges to improve their security protocols and compliance measures to avoid falling victim to similar attacks.
Strengthening Crypto Regulations is Imperative
The Upbit hack and the recent KYC violations highlight the ongoing challenges faced by the cryptocurrency industry, particularly in terms of security and regulatory compliance. As the industry grows, there needs to be a stronger focus on implementing and enforcing security measures that can protect both users and exchanges. While innovation is crucial, maintaining regulatory oversight is equally important to ensure that the cryptocurrency ecosystem remains secure and transparent. Without stronger regulatory frameworks and enhanced security measures, the crypto space risks becoming more vulnerable to such large-scale attacks, which could deter wider adoption.
