North Korean Hackers Behind $1 Billion Ethereum Heist in South Korea

South Korean police have confirmed the involvement of hackers linked to North Korean intelligence in a major Ethereum cryptocurrency theft in 2019. At the time, the stolen assets were valued at $41.5 million.

More than half of the stolen funds were laundered through three cryptocurrency exchanges established by the hackers themselves, while the remainder was distributed across 51 platforms. The attackers breached a cryptocurrency exchange where Ethereum was stored and extracted 342,000 ETH. Today, the value of these assets exceeds $1 billion.

The name of the exchange was not disclosed in the statement, but in 2019, South Korean exchange Upbit reported an unauthorized transfer of 342,000 ETH to an unknown wallet. Whether the two incidents are connected remains unspecified.

The investigation determined that the attack was orchestrated by the Lazarus and Andariel groups, both tied to North Korean intelligence. These conclusions were based on IP address analysis and asset tracing. This marks the first instance in which North Korea was officially identified as the source of a cyberattack on a South Korean cryptocurrency exchange.

Authorities managed to trace 4.8 BTC transferred to a Swiss cryptocurrency exchange. In October, the assets were returned to the South Korean platform and are now valued at approximately $427,800. North Korea has denied involvement in cyberattacks and cryptocurrency theft.

According to the United Nations, between 2017 and 2024, North Korean hackers carried out 97 cyberattacks targeting cryptocurrency companies, causing an estimated $3.6 billion in damages. Among these incidents was the attack on the HTX cryptocurrency exchange in November 2023, where hackers stole $147.5 million and laundered the funds by March 2024.