South Korea Confirms North Korean Hackers Behind $50 Million Hack on Upbit Exchange

South Korean cryptocurrency exchange Upbit had 342,000 ETH stolen by North Korean hackers (equivalent to $50 million in 2019, now worth over $1 billion).

The National Investigation Agency (NIA) of South Korea on November 21 officially confirmed the involvement of North Korean hacker groups Lazarus and Andariel in the cyberattack targeting cryptocurrency exchange Upbit in 2019.

The incident, which occurred on November 27, 2019, resulted in the loss of 342,000 Ether (ETH) from Upbit’s hot wallet. At the time, the value of the stolen ETH was equivalent to about $50 million, based on the price of $147/ETH. However, with the strong growth of the cryptocurrency market in recent years, the value of this ETH has now exceeded $1 billion.

Ether value at the time of Upbit hack. Source: CoinGecko Details of the attack and money laundering

This is the first time a South Korean investigative agency has officially identified North Korea as being behind a cryptocurrency attack. The NIA based its conclusion on cryptocurrency tracing, IP address analysis, and North Korean-specific language recognition, along with intelligence shared with the US Federal Bureau of Investigation (FBI). Details of the attack method were not released to avoid setting a precedent for similar attacks.

According to the report, the hackers sold about 57% of the stolen ETH through exchanges believed to be controlled by North Korea. The remaining 43% of ETH was dispersed and laundered through 51 different international exchanges. This behavior shows the sophistication of the hacker groups' money laundering operations, aiming to conceal the illegal origin of the cryptocurrency.

Notably, the incident comes amid an investigation into Upbit's Know Your Customer (KYC) compliance practices. On November 14, the Financial Intelligence Unit (FIU) of the Financial Services Commission of South Korea discovered over 600,000 potential violations related to Upbit's KYC policy.

Specifically, the exchange is accused of accepting blurred identification documents, making it difficult to verify users' identities. Each violation can result in a fine of up to $71,500, and also affect Upbit's license renewal process.