North Korea-linked groups were behind $50mn cryptocurrency heist in 2019, claims Seoul

South Korean police confirmed Thursday (Nov 21) that a cybercriminal group from the North was behind a multimillion-dollar cryptocurrency heist in 2019. In November of that year, cybercriminals targeted South Korean crypto exchange Upbit and stole Ethereum tokens worth some US$50 million.

It is the first time that North Korea's role has been confirmed. In total, 342,000 tokens were stolen and now their worth is estimated to be over a billion dollars.

Following the attack, South Korea's cyber terror division launched an investigation that ran for years and has now revealed that Lazarus Group and Andariel threat groups related to the North carried out the theft. South Korean police tracked the perpetrators by identifying the cybercriminals' IP addresses and the movement of the virtual assets in collaboration with the FBI, according to authorities.

Earlier in October, law enforcement agencies in South Korea were able to recover tokens worth $470,000 from the cybercriminals by working in tandem with the Swiss authorities, as the stolen currency was stored in the banks of the European country.

A police statement read, “More than half (57%) of the stolen virtual assets were converted into bitcoin at a discounted rate of 2.5% through three virtual asset exchange platforms believed to have been created by the attackers.” “The remaining assets were distributed and laundered through 51 overseas exchanges,” it added.

Concerns are mounting regarding North Korean cryptocurrency theft as more cases have been unearthed by investigators over the recent years. In 2022, the country’s groups were blamed for the theft of some $620 million worth of ethereum.

According to a report by the United Nations released in March, cryptocurrency theft accounted for half of North Korea’s total revenue. Most of the stolen funds go into funding the Pyongyang’s missile and nuclear programme, as per reports.

(With inputs from agencies)