- South Korean police confirmed North Korea orchestrated a major Ethereum heist in 2019.
- Investigators linked the attack to Lazarus and Andariel groups tied to military intelligence.
- Hackers laundered stolen Ethereum through 54 exchanges to conceal the funds’ origins.
South Korean police have confirmed North Korea’s involvement in a significant crypto heist in 2019. Reportedly, hackers linked to North Korea’s military intelligence agency stole 342,000 Ethereum tokens. Officials highlighted that this is the first time North Korea has been directly linked to a cryptocurrency heist targeting South Korea.
The stolen Ethereum tokens were valued at 58 billion won ($41.5 million) at the time of the theft. On Thursday, the National Police Agency reported that the stolen tokens are now worth over 1.4 trillion won ($1 billion).
The investigation was conducted with the help of the U.S. Federal Bureau of Investigation (FBI). Authorities officially identified the Lazarus and Andariel groups, both tied to North Korea’s Reconnaissance General Bureau, as responsible for the hack.
How Hackers Pulled Off the Heist
Attackers targeted a South Korea-based cryptocurrency exchange, transferring Ethereum to unidentified wallets. While authorities withheld the platform’s name, Upbit, a South Korean exchange, reported a comparable Ethereum loss around the same timeframe.
South Korea Probes Telegram’s Role in Deepfake Sex CrimesThe hackers stole the assets and used advanced laundering techniques to conceal their origin. They processed over half of the stolen Ethereum through three crypto exchanges they reportedly established. They routed the remaining funds through 51 other exchanges, frequently trading them at discounted rates for Bitcoin. This strategy significantly complicated efforts to trace the stolen assets.
Key Evidence and Asset Recovery
Police utilized several methods to identify the perpetrators and trace the stolen funds. They analyzed Internet Protocol (IP) addresses associated with the transactions. They also studied how the stolen assets moved through the blockchain. Additionally, investigators noted the use of language and terminology unique to North Korea, strengthening their findings.
In October 2020, authorities made progress when they recovered 4.8 Bitcoin from a Swiss cryptocurrency exchange. These assets, now worth 600 million won, were returned to the Seoul-based exchange. This recovery underlined the importance of global cooperation in combating cybercrime.
The police investigation benefited significantly from collaboration with the FBI. Investigators linked the attack to North Korea by combining evidence from multiple sources. These included IP addresses, transaction patterns, and linguistic data tied to North Korean groups.
Officials stressed that this investigation is a landmark case. It demonstrates the capabilities of South Korea and its allies in addressing advanced cybercrimes. Efforts to recover additional stolen assets remain ongoing, relying on forensic tools and international partnerships.