South Korean police confirm that the North Korean hackers Lazarus group and Andariel were responsible for the 342,000 ETH theft from Upbit in 2019.
South Korean authorities have officially confirmed that the North Korean hacker groups Lazarus and Andariel were responsible for the 2019 theft of 342,000 Ethereum (ETH) from Upbit, the country’s largest cryptocurrency exchange.
This marks the first acknowledgment of North Korea’s involvement in a domestic crypto exchange hack.
The stolen ETH, valued at approximately 1.4 trillion won at current prices, was funneled through numerous exchanges worldwide.
Despite the theft’s magnitude, only a small portion of the funds has been recovered. Specifically, 4.8 Bitcoin was retrieved from a Swiss exchange.
Lazarus and Andariel Behind the Upbit Hack
South Korean police confirmed that the Lazarus and Andariel hacking groups orchestrated the Upbit heist, stealing 342,000 ETH, worth over 1.4 trillion won (about $1 billion). The stolen cryptocurrency was laundered through various methods.
According to a report by YNA.co, 57% of the ETH was exchanged for Bitcoin at a 2.5% discount on three exchange platforms believed to be controlled by North Korea.
The remaining funds moved through 51 exchanges across 13 countries, including prominent platforms in the U.S. and China.
South Korean investigators collaborated with the U.S. FBI and other international agencies to trace the stolen assets. Despite the widespread laundering, their efforts led to some recovery.
After presenting evidence to Swiss authorities, officials successfully retrieved 4.8 Bitcoin, worth 600 million won, and returned it to Upbit, marking a rare success in recovering stolen cryptocurrency.
This theft underscores North Korea’s growing reliance on crypto hacks to support its activities. The Lazarus Group, in particular, has been linked to numerous high-profile cyberattacks targeting major crypto exchanges.
The report also highlights the increasing prevalence of hacks and scams in the crypto space. For instance, the U.S. Department of Justice recently charged five hackers with stealing $6.3 million in digital assets.
North Korea’s History of Crypto Thefts and Global Impacts
The Lazarus Group, a state-sponsored cybercrime organization in North Korea, is known for conducting sophisticated cyberattacks on financial institutions and cryptocurrency exchanges worldwide.
The group primarily focuses on high-value asset theft, particularly cryptocurrency.
In a recent case, investigators connected Lazarus to a $238 million Bitcoin theft in August 2023. During this attack, stolen funds were moved across multiple platforms.
Speculation about Lazarus’s involvement grew as experts analyzed suspicious transactions tied to the incident.