South Korean Authorities Recover 4.8 Bitcoin Linked to Upbit Exchange Hack
South Korean authorities have successfully recovered 4.8 Bitcoin (BTC) linked to the 2019 hack of the Upbit exchange, according to a report by local media outlet Yonhap News.
The Hack
The 2019 hack of Upbit by North Korean hackers resulted in the theft of 342,000 Ethereum (ETH), valued at $41.4 million at the time. Today, the stolen Ethereum is worth over $1 billion.
Investigation Details
An investigation by South Korea’s National Police Agency confirmed the involvement of North Korean hacker groups Lazarus and Andariel in the Upbit hack. These groups have a history of large-scale cybercrime, having stolen more than $3 billion in cryptocurrency from 2017 to 2023.
This marks the first time South Korean police have officially linked a significant hack to North Korean operatives. The hackers laundered 57% of the stolen ETH by converting it into Bitcoin, which was then moved through three North Korea-linked exchanges and 51 global platforms.
Years of tracing blockchain activity and analyzing North Korean IP addresses helped investigators identify patterns, including unique North Korean language usage. Support from the US Federal Bureau of Investigation (FBI) also played a role in uncovering the hackers’ operations.
The recovered Bitcoin, traced to a Swiss exchange, has been returned to Upbit.
Upbit Under Scrutiny
Meanwhile, Upbit is facing scrutiny from South Korea’s Financial Intelligence Unit (FIU) for KYC-related violations. The FIU reports that the exchange may have been involved in up to 600,000 compliance breaches.
The Financial Services Commission (FSC) has also raised concerns about Upbit’s market dominance, as the exchange accounts for nearly 20% of the 22 trillion won deposited in K Bank, posing potential risks to the financial system.
According to CoinMarketCap data, Upbit is the largest South Korean crypto trading platform, with a trading volume of around $6 billion.