South Korean authorities have successfully recovered 4.8 Bitcoin (BTC) linked to the 2019 hack of the Upbit exchange, where North Korean hackers stole 342,000 Ethereum (ETH). This incident was one of the most significant cyberattacks targeting a cryptocurrency platform, with the stolen Ethereum now worth over $1 billion at current prices. The National Police Agency’s investigation confirmed the involvement of North Korean hacker groups Lazarus and Andariel in the hack, who have stolen more than $3 billion in cryptocurrency from 2017 to 2023. This marks the first time South Korean police have officially tied a significant hack to North Korean operatives.
Police explained that the hackers laundered 57% of the stolen ETH by converting it into Bitcoin, which then flowed through three North Korea-linked exchanges and 51 global platforms. After years of tracing blockchain activity and analyzing North Korean IP addresses, investigators identified patterns including unique North Korean language usage with support from the US Federal Bureau of Investigation (FBI). The recovered Bitcoin, traced to a Swiss exchange, has since been returned to Upbit.
The development comes as Upbit faces scrutiny from South Korea’s Financial Intelligence Unit (FIU) over KYC-related violations, potentially involving as many as 600,000 compliance breaches. The Financial Services Commission (FSC) has also raised concerns over Upbit’s market dominance, accounting for nearly 20% of the 22 trillion won deposited in K Bank, prompting questions about potential risks to the financial system. Upbit is the largest South Korean crypto trading platform, with a trading volume of around $6 billion according to CoinMarketCap data.
In conclusion, South Korean authorities have successfully recovered 4.8 Bitcoin linked to the 2019 hack of the Upbit exchange, which was orchestrated by North Korean hackers stealing 342,000 Ethereum. The investigation confirmed the involvement of North Korean hacker groups Lazarus and Andariel, marking the first official tie between a significant hack and North Korean operatives. The hackers laundered 57% of the stolen ETH by converting it into Bitcoin, flowing through North Korea-linked exchanges and global platforms. The recovered Bitcoin has been returned to Upbit, as the exchange faces scrutiny for KYC-related violations and concerns over market dominance. Upbit remains the largest South Korean crypto trading platform with a trading volume of around $6 billion.
