- South Korea confirms North Korean hackers behind 2019 Upbit crypto heist, stealing $50M in Ether.
- Stolen Ether from Upbit now worth over $1B, as North Korea laundered funds through 51 global exchanges.
- Upbit faces scrutiny with $71,500 fines for KYC violations as North Korea’s involvement in hack is confirmed.
South Korean law enforcement authorities have confirmed that North Korean hackers stole $50 million worth of cryptocurrency from the Upbit exchange in 2019. On the 21st of November 2024, South Korea’s National Office of Investigation (NOI) stated that the attack, in which 342,000 Ether was stolen, was the work of the North Korean cybercriminal groups Lazarus and Andariel. The disclosure is a breakthrough in the ongoing probe of a breach that had remained a puzzle for years.
In 2019, South Korea-based cryptocurrency exchange Upbit said that a large amount of cryptocurrency was stolen from its hot wallet on November 27. At the time of the hack, each stolen Ether was valued at $147.58, which puts the total value of the stolen Ether at around $50 million. Given the appreciation of the Ethereum token since then, the stolen funds would be worth more than $1 billion at present.
Source: CoinGecko
South Korea Confirms Hack
The NOI statement, cited by South Korea’s Yonhap News Agency, is the first official confirmation by a South Korean investigative agency of North Korean state-sponsored hackers’ involvement in a cryptocurrency heist. It followed a thorough investigation in which the movement of the stolen crypto assets was followed, the IP addresses used were traced, and intelligence provided by the United States Federal Bureau of Investigation (FBI) was taken into account. The authorities also noted that communications during the hack had linguistic features characteristic of North Korean actors.
Although the NOI has established that North Korea was behind the attack, it has elected not to provide further details of the hacking methods used, for fear of inspiring further cybercrimes.
The North Korean hackers have already cashed out a significant part of the stolen Ether. It is estimated that about 57% of the stolen funds were received by North Korean-controlled exchanges. The rest of the stolen Ether has been laundered through at least 51 different exchanges in other countries, which makes it much more difficult to identify how much money was actually taken in the hack.
Upbit’s Ongoing Regulatory Challenges
This confirmation of North Korean involvement in the Upbit hack comes as the exchange is facing other troubles. On the 14th of November 2024, the South Korean Financial Intelligence Unit (FIU) reported several instances of KYC violations found while reviewing Upbit’s business license renewal. The violations involved accepting cards with unclear identification, which prevented regulators from identifying certain users.
According to the FIU, the fines it imposed on Upbit could be heavy, with penalties from $71,500 per case of non-compliance. The violations have increased oversight of the exchange and made its business even more challenging in a market that is becoming more and more closely regulated worldwide.
Upbit remains one of the best-known cryptocurrency exchanges in South Korea, and its activities are of great importance for the country’s digital economy. The current year has not been calm for the exchange, however: it faces increasing scrutiny from regulators as well as the ongoing investigation of the 2019 hack, and it may experience multiple difficulties in the coming months.