As a seasoned crypto investor with over a decade of experience in this volatile market, I can’t help but feel a mix of frustration and concern when I read about the Upbit hack incident from five years ago. The fact that North Korean hacking groups were involved is alarming, as it highlights the ongoing threat that these entities pose to the crypto community worldwide.


South Korean researchers have disclosed that the 2019 cyber attack on the Upbit cryptocurrency exchange, which resulted in a $50 million loss of Ethereum, was orchestrated by the hacking groups Lazarus and Andariel, which are reportedly connected to the Reconnaissance General Bureau, North Korea’s main intelligence agency.

Five years ago, as a crypto investor, I found myself dealing with an unsettling incident when Upbit, one of South Korea’s prominent cryptocurrency exchanges, reported a security breach. In this attack, hackers managed to pilfer 342,000 Ethers from the exchange’s hot wallet. At that time, each Ether was valued at around $147. If we were to convert these stolen assets to their current value, it would amount to approximately 1.47 trillion won or over $1.04 billion today. A stark reminder of the importance of security in the crypto world.

Upbit Hack Investigation

As per a report by the Seoul-based news agency Yonhap, the investigation team worked together with the FBI to gather evidence. The evidence included North Korean IP addresses, patterns in virtual asset flow, and linguistic clues. Approximately 57% of the stolen Ethereum was traded for Bitcoin at reduced rates on exchanges controlled by North Korea, while the rest was laundered through 51 different platforms located overseas.

In October, South Korean authorities, working alongside Swiss prosecutors, managed to retrieve around 4.8 Bitcoins (equivalent to roughly 600 million won) from a Swiss cryptocurrency exchange and handed them back to Upbit.

The authorities also noted:

“For the first time ever, an official confirmation from a domestic investigation agency has been made about the allegations of hacking involving virtual assets in North Korea. Previously, there have been reports and statements from the United Nations and foreign governments regarding this issue.”

Following the security breach in November 2019, Upbit took several steps to avoid another incident, such as deploying and managing hot wallets. However, despite these efforts, Dunamu, the platform’s operator, revealed that Upbit faced over 159,000 hacking attempts in the first half of 2023, marking a significant jump of 117% compared to the numbers from 2022 and an astounding 1,800% rise from the first half of 2020.

North Korea’s Cyber Warfare

North Korean hackers have a history of targeting South Korea for crypto-related crimes.

In the previous year, North Korean cybercriminals disguised themselves as South Korean government personnel and journalists to trick their targets. Using email phishing, they obtained information from about 1,500 individuals between March and October. The majority of these victims belonged to the private sector, while 57 were either current or former government officials.


2024-11-22 01:42