The 2019 cyberattack on South Korea’s largest cryptocurrency exchange, Upbit, has been traced to hackers affiliated with North Korea’s Reconnaissance General Bureau, who stole digital assets worth 58 billion won at the time (now valued at 1.47 trillion won), South Korean authorities revealed Thursday. This announcement marks the first official confirmation by South Korean investigators of North Korea’s involvement in a cryptocurrency heist.
The National Police Agency’s National Investigation Headquarters identified the attackers as members of Lazarus and Andariel, two notorious hacking groups linked to the North Korean regime. In November 2019, the hackers stole 342,000 Ether from Upbit wallets, valued at 58 billion won at the time and approximately 1.47 trillion won today. Lazarus has historically targeted government and financial institutions, while Andariel has focused on military and defense industries.
Authorities refrained from disclosing specific attack methods due to concerns over copycat crimes. However, they cited evidence such as North Korean IP addresses, the flow of the stolen cryptocurrency, the use of unique North Korean terminology, and information shared by the FBI. Investigators found traces of the phrase “heolhan il” – a North Korean term meaning “trivial matter” – on a computer used in the attack.
The police said the hackers stole around 340,000 Ether in a single attack. They transferred 57% of the stolen Ether to three cryptocurrency exchange platforms they created, converting it to Bitcoin at a 2.5% discount to market prices. They likely laundered the funds by cashing out the Bitcoin, police said. The remaining 43% was dispersed across 51 exchanges in 13 countries, including China, the U.S., Hong Kong, and Switzerland. While the North Korean-run platforms have since been shut down, authorities lost the trail of the laundered funds two years ago.
In October 2020, investigators traced a portion of the stolen cryptocurrency, converted into Bitcoin, to an exchange in Switzerland. After a four-year effort to link the funds to the Upbit hack, South Korea successfully recovered 4.8 Bitcoin, valued at 600 million won, and returned it to Upbit. However, exchanges in countries such as China, the U.S., and Hong Kong either ignored cooperation requests or declined to assist, citing a lack of obligation.
Authorities shared the identified hacking techniques with other organizations, including the National Intelligence Service, the Financial Supervisory Service, the Financial Security Institute, and cryptocurrency exchanges, to bolster defenses. “Cryptocurrency exchanges now adhere to high-security standards, unlike in the past,” a police spokesperson stated, urging the public not to harbor undue fears.
Reporter Lee Sang-hwan payback@donga.com
**How much Ether was stolen in the Upbit cryptocurrency heist?**
## World Today News – Exclusive Interview: Unmasking the Upbit Crypto Heist
**Introduction:**
Welcome to World Today News. Today, we delve into a landmark cybersecurity case - the 2019 Upbit cryptocurrency heist, where hackers linked to North Korea stole a staggering 342,000 Ether. To shed light on this complex issue, we have two distinguished guests:
**Guest 1:** Dr. Alice Lee, a leading cybersecurity expert specializing in cryptocurrency theft and tracing.
**Guest 2:** Mr. Kim Jong-Hyun, a former investigator with the South Korean National Police Agency, specializing in cybercrime.
**Section 1: Anatomy of a Cyber Heist**
* **Host:** Dr. Lee, can you paint a picture for our viewers of how these sophisticated hacking groups, Lazarus and Andariel, likely executed this large-scale theft? What techniques could have been employed?
* **Host:** Mr. Kim, the South Korean authorities chose not to disclose specific attack methods. Why is this secrecy crucial, and what are the potential dangers of revealing those details?
* **Host:** Dr. Lee, the article mentions the use of the phrase “heolhan il,” a North Korean term, as evidence. How significant is linguistic analysis in cybersecurity investigations, and can it provide definitive proof of attribution?
**Section 2: Cryptocurrency’s Labyrinth – Tracing Stolen Assets**
* **Host:** Mr. Kim, the investigation spanned four years and multiple countries. Can you elaborate on the challenges faced by investigators when tracing stolen cryptocurrency across international borders?
* **Host:** Dr. Lee, the article mentions some exchanges refusing to cooperate. What can be done to encourage more collaboration between law enforcement agencies and cryptocurrency platforms in cases like this?
* **Host:** Mr. Kim, only a small portion of the stolen Bitcoin was recovered. What are the biggest obstacles to recovering stolen cryptocurrency, and how can the recovery process be made more effective?
**Section 3: National Security Implications and Protective Measures**
* **Host:** Dr. Lee, this incident raises concerns about the national security implications of cryptocurrency theft. Can you explain the potential threats posed by state-sponsored hacking groups like Lazarus and Andariel leveraging stolen cryptocurrency?
* **Host:** Mr. Kim, while acknowledging the efforts made by cryptocurrency exchanges to improve their security, what further steps can be taken to mitigate the risk of future attacks?
* **Host:** Dr. Lee, what message would you give to individual cryptocurrency investors about protecting their assets in light of these growing cybersecurity threats?
**Conclusion:**
The 2019 Upbit heist serves as a chilling reminder of the ever-evolving landscape of cybercrime and the vulnerabilities inherent in the cryptocurrency ecosystem. We thank Dr. Lee and Mr. Kim for sharing their valuable insights and expertise.