North Korean Hacking Groups Linked to 2019 Upbit Cyberattack

South Korean authorities confirmed that North Korean hacking groups, including Lazarus and Andariel, were responsible for the 2019 cyberattack on Upbit, one of South Korea's largest cryptocurrency exchanges. The attack resulted in the theft of 342,000 Ethereum, valued at approximately $50 million at that time. This marks the first instance in which South Korean investigative agencies have definitively linked a digital asset breach to North Korea.

Investigation Unveils North Korean Links

The National Office of Investigation reported that sophisticated methods were employed to steal funds from Upbit’s hot wallet. Investigators tracked crypto flows, analyzed IP addresses, and identified communication patterns indicative of North Korean origins. Collaboration with the United States Federal Bureau of Investigation (FBI) was noted during this investigation.

While specific hacking techniques were not disclosed to prevent copycat attacks, it was revealed that 57% of the stolen ETH was sold on exchanges reportedly operated by North Koreans. The remaining funds were distributed through 51 foreign exchanges to obscure their origins.

The Lazarus Group is notorious for involvement in high-profile cybercrimes. In 2022, the US government identified them, along with APT38, as responsible for a $620 million theft from the Axie Infinity Ronin Network. The FBI confirmed these findings, stating:

“Through our investigations, we were able to confirm Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft.”

Lazarus gained global attention in 2014 after allegedly hacking Sony Pictures Entertainment in retaliation for the film The Interview, which mocked North Korean leader Kim Jong Un. Their history includes major cybercrimes like the global WannaCry ransomware outbreak and attacks on banks and individual accounts, solidifying their reputation as a sophisticated hacking entity.

Upbit Under Scrutiny

The confirmation of North Korea's involvement coincides with increased regulatory scrutiny of Upbit. A probe by the Financial Intelligence Unit (FIU) uncovered over 600,000 potential Know Your Customer (KYC) violations by the exchange. Upbit reportedly accepted blurred identification cards, undermining proper user verification and raising compliance concerns.

These regulatory breaches could result in fines of up to $71,500 per infraction and may complicate the exchange’s business license renewal. Such lapses highlight vulnerabilities in the crypto sector, where weak compliance measures can facilitate illicit activities.