South Korean authorities have managed to recover 4.8 Bitcoin (BTC) from the 2019 hack of the Upbit exchange, as reported by Yonhap News on November 21. This significant cyberattack involved North Korean hackers stealing 342,000 Ethereum (ETH), which was valued at $41.4 million in 2019 and is now worth over $1 billion at current prices.
The South Korea National Police Agency’s investigation confirmed the involvement of North Korean hacker groups Lazarus and Andariel, who are known for large-scale cybercrime and have stolen over $3 billion in cryptocurrency since 2017. This is the first time South Korean police have officially linked a major hack to North Korean operatives.
The hackers laundered 57% of the stolen ETH, converting it to Bitcoin, which flowed through three North Korea-linked exchanges and 51 global platforms. Through years of tracking blockchain activity and analyzing North Korean IP addresses, investigators identified unique North Korean language usage, with assistance from the US Federal Bureau of Investigation (FBI).
The recovered Bitcoin, traced to a Swiss exchange, has been returned to Upbit. This development comes as Upbit faces scrutiny from South Korea’s Financial Intelligence Unit (FIU) over KYC-related violations, potentially implicating the exchange in 600,000 compliance breaches. South Korea’s Financial Services Commission (FSC) has also raised concerns about Upbit’s market dominance, as it accounts for nearly 20% of the 22 trillion won deposited in K Bank, posing potential risks to the financial system.
Upbit is currently the largest South Korean cryptocurrency trading platform, with a trading volume of around $6 billion.
