
  • South Korean police linked Lazarus to the 2019 Upbit theft of 342,000 ETH, now worth 1.47 trillion won.

  • 57% of stolen Ethereum was converted to Bitcoin at 2.5% below market value through North Korea-linked exchanges.

  • Police recovered 4.8 Bitcoin after 4 years, returning the stolen assets worth 600 million won to Upbit in October.

South Korean police have confirmed the involvement of North Korean hacking groups in the 2019 theft of 342,000 Ethereum (ETH) from Upbit, the country’s largest cryptocurrency exchange. The stolen cryptocurrency, valued at 58 billion won at the time, is now worth 1.47 trillion won. Authorities identified Lazarus and Andariel, hacker groups tied to North Korea's Reconnaissance General Bureau, as key players in the attack.

https://twitter.com/WuBlockchain/status/1859437660064055793

Investigation Reveals Key Evidence of North Korean Involvement

The National Investigation Headquarters of the National Police Agency, working with the FBI, uncovered critical evidence linking North Korea to the heist. Investigators tracked the virtual asset flow and identified North Korean IP addresses used during the breach. 

Additionally, traces of North Korean-specific vocabulary, including the term "Heulhan Il," meaning "unimportant matter," were found on compromised systems. These findings, combined with international collaboration, provided clear links to North Korean cyber activity.

Laundering and Conversion of Stolen Assets

After the theft, approximately 57% of the stolen Ethereum was converted into Bitcoin. Notably, these conversions were processed at a price 2.5% below market value, using three cryptocurrency exchanges allegedly operated by North Korea. 

The remaining Ethereum was distributed across 51 international exchanges for laundering, complicating recovery efforts. This elaborate laundering process highlights the sophistication of the operation.

Asset Recovery After Four Years of Efforts

In a breakthrough, police traced a portion of the stolen Bitcoin to a cryptocurrency exchange in Switzerland. Following years of negotiations with Swiss prosecutors, authorities successfully retrieved 4.8 Bitcoin.

These recovered assets, valued at approximately 600 million won, were returned to Upbit in October. South Korean officials emphasized that specific details of the attack methods remain undisclosed to prevent potential replication.