South Korean authorities have confirmed that North Korean hackers were responsible for the $50 million Upbit cryptocurrency hack in November 2019.
On Nov. 21, the National Office of Investigation in South Korea reportedly confirmed that the hack, which stole 342,000 Ether (ETH), was carried out by North Korean hacker groups Lazarus and Andariel.
Upbit, a South Korea-based cryptocurrency exchange, reported on Nov. 27, 2019, that 342,000 ETH had been stolen from its hot wallet. The ETH was worth about $147 a coin at the time of the theft, making the total amount stolen about $50 million.
Ether’s value at the time of the Upbit hack. Source: CoinGecko
With the recent surge in Ether’s value alongside Bitcoin (BTC), the stolen amount is now estimated to exceed $1 billion.
North Korean police confirm hack perpetrators after 5 years
South Korea’s Yonhap News reported that this marks the first time a South Korean investigative agency has officially confirmed North Korean involvement in a cryptocurrency hack.
According to the report, the authorities confirmed North Korea’s involvement by tracking crypto flows and IP addresses. They also analyzed the use of the North Korean language and material from the United States Federal Bureau of Investigation.
Although the police confirmed North Korea’s involvement, they withheld details about the hacking methods to prevent potential copycat attacks.
Since the breach, the attackers are believed to have sold about 57% of the stolen ETH on exchanges allegedly operated by North Koreans. The remaining funds were distributed and laundered through 51 overseas exchanges.
South Korea probes Upbit for KYC violations
The confirmation of North Korean involvement in the 2019 Upbit hack follows a recent probe into the crypto exchange.
On Nov. 14, the Financial Intelligence Unit of the Financial Services Commission found 500,000 to 600,000 potential Know Your Customer violations by the crypto exchange.
The FIU spotted alleged breaches while reviewing Upbit’s business license renewal. The exchange allegedly accepted blurred identification cards, which made it difficult for regulators to properly identify the users.
The violations could result in fines of up to $71,500 per case and complications in the exchange’s business license renewal.
Magazine: China’s ‘point running’ crypto scams, pig butchers kidnap kids: Asia Express