South Korean Authorities Confirm North Korean Hackers Behind 2019 $50 Million Upbit Theft

South Korea identifies Lazarus and Andariel as perpetrators of the $50M Upbit cryptocurrency theft in 2019.
Hackers laundered stolen funds via 51 international exchanges, with 57% of ETH already sold.
Upbit faces regulatory scrutiny for potential KYC violations, risking heavy fines and license complications.

South Korean officials have identified North Korean hacker groups Lazarus and Andariel as responsible for the 2019 theft of $50 million in cryptocurrency from Upbit, a prominent South Korea-based crypto exchange. The announcement by the National Office of Investigation on November 21 is the first official confirmation linking the attack to North Korea.

Tracking the Stolen Ether

The breach resulted in the loss of 342,000 Ether, worth approximately $147 per coin at the time. The value of the stolen assets has since surged with the rise in Ether’s price, now exceeding $1 billion. Investigators traced the stolen funds through blockchain transactions, IP address analyses, and collaboration with the U.S. Federal Bureau of Investigation.

Authorities revealed that about 57% of the stolen Ether has been sold on exchanges allegedly operated by North Koreans. The remaining funds were laundered through 51 international exchanges. To prevent potential copycat attacks, details about the hacking techniques used have been withheld.

Source: South Korean Police

Upbit Faces Regulatory Pressure

The identification of the hackers coincides with regulatory challenges for Upbit. South Korea’s Financial Intelligence Unit (FIU) is investigating the exchange for potential Know Your Customer (KYC) violations, with up to 600,000 alleged breaches.

The FIU’s investigation revealed that Upbit accepted blurred identification documents, complicating user verification processes. Penalties for these violations could reach $71,500 per case, potentially jeopardizing the exchange’s business license renewal.

As South Korea continues to bolster its cybersecurity measures, this case underscores the growing challenge of addressing crypto-related crimes linked to state-sponsored groups.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.

Tags: North Korean