According to South Korean police, the North Korean hacking groups Lazarus and Andariel committed the 2019 Upbit theft of 342,000 ETH.
The 2019 theft of 342,000 Ethereum (ETH) from Upbit, South Korea’s largest cryptocurrency exchange, was orchestrated by the North Korean hacking groups Lazarus and Andariel, South Korean police have confirmed. This is the first time authorities have explicitly acknowledged North Korea’s involvement in a hack of a domestic exchange.
The stolen assets, which are currently valued at 1.4 trillion won, were transferred through numerous exchanges around the world. Despite the scale of the theft, only a tiny portion was recovered: 4.8 Bitcoin, retrieved from a Swiss exchange.
Lazarus and Andariel Steal 342,000 ETH from Upbit
South Korean police have verified that Lazarus and Andariel, North Korea’s notorious hacker groups, were responsible for the theft of 342,000 ETH from Upbit in 2019. The stolen Ethereum, valued at over 1.4 trillion won (approximately $1 billion), was meticulously laundered. The yna.co report indicates that 57% of the stolen ETH was exchanged for Bitcoin at a 2.5% discount on three exchange sites, which North Korea likely created. The remaining cryptocurrency was transferred through 51 exchanges in 13 countries, including significant participants in the United States and China.
South Korean authorities tracked the stolen assets in collaboration with the US FBI and other international agencies. The investigation resulted in a substantial recovery even though much of the laundered money had been dispersed across foreign exchanges. After presenting evidence to Swiss authorities, investigators recovered 4.8 Bitcoin, valued at 600 million won, and returned it to Upbit. This was an uncommon case in which stolen funds were recovered.
This theft underscores North Korea’s growing dependence on cryptocurrency breaches to finance its operations. North Korea’s Lazarus Group has been responsible for numerous high-profile intrusions into prominent cryptocurrency exchanges.
Additionally, this report underscores the increasing number of scams and breaches occurring in the cryptocurrency sector. To provide context, the United States Department of Justice has recently filed charges against five hackers for the theft of $6.3 million in digital assets.
The Global Consequences of North Korea’s Prolonged History of Crypto Theft
The Lazarus Group is a North Korean state-sponsored cybercrime organization. It carries out sophisticated cyberattacks against financial institutions and crypto exchanges globally. The group’s primary objective is to steal high-value assets, particularly cryptocurrency.
According to investigators, Lazarus was recently associated with the $238 million Bitcoin theft in August 2023. The funds were transferred across numerous platforms during this attack. The group’s involvement was the subject of increased speculation as experts analyzed the suspicious transactions.