North Korea Behind $50 Million Upbit Crypto Hack: What It Means for the Industry

In a major development for the cryptocurrency industry, South Korean authorities have officially confirmed that the 2019 $50 million hack of Upbit, one of South Korea’s largest cryptocurrency exchanges, was carried out by North Korean hacker groups. The confirmation, made on November 21, identifies Lazarus and Andariel, two notorious hacking groups linked to the North Korean regime, as the perpetrators. This breakthrough in the investigation highlights the growing threat of state-sponsored cyberattacks and serves as a stark reminder of the vulnerabilities within the crypto sector.


What Happened in the Upbit Hack?

The Upbit hack took place in November 2019 when 342,000 Ether (ETH)—worth around $50 million at the time—was stolen from the exchange’s hot wallet. Back then, the value of Ether was roughly $147 per coin, but with recent price surges, the stolen funds would now be worth over $1 billion. This hack was one of the largest cryptocurrency thefts in recent years, and its scale has only increased as the price of Ether and Bitcoin continues to climb.

The perpetrators used sophisticated tactics to execute the hack, targeting Upbit, a well-known South Korean exchange that facilitates the trading of cryptocurrencies such as Ether and Bitcoin. While the exact techniques used by the hackers remain undisclosed, the stolen funds were tracked and eventually linked to North Korean hacking groups, including Lazarus and Andariel, both infamous for their involvement in large-scale cybercrime operations.


The Role of North Korean Hackers: Lazarus and Andariel

This confirmation from South Korean authorities marks the first time a government agency has officially linked North Korea to a cryptocurrency exchange hack. Lazarus and Andariel are well-documented groups known for their involvement in cyber espionage, theft, and large-scale attacks across the globe.

  • Lazarus Group is believed to be behind some of the most significant cyberattacks in recent history, including the Sony Pictures hack and the WannaCry ransomware attack.
  • Andariel, another North Korean hacking group, is involved in more specialised operations, often targeting financial institutions and cryptocurrency exchanges.

Authorities tracked the stolen funds using crypto transaction flows, IP addresses, and linguistic patterns associated with North Korean groups. The investigation was supported by the FBI, which provided valuable intelligence that helped establish the connection.


How Did North Korea Launder the Stolen Funds?

After the hack, it was revealed that approximately 57% of the stolen Ether was sold on exchanges operated by North Korean entities. The remaining funds were laundered through 51 overseas cryptocurrency exchanges, many of which were located in jurisdictions outside South Korea’s legal reach. This made it incredibly difficult for investigators to recover the stolen assets.

The use of such sophisticated laundering techniques highlights the challenges law enforcement faces in tracking illicit crypto transactions. The global and decentralised nature of cryptocurrency makes it an attractive target for hackers, especially those backed by nation-states like North Korea. Moreover, the absence of uniform regulatory standards across different countries adds another layer of complexity to the investigation.


Upbit Faces Regulatory Scrutiny Over KYC Violations

In addition to the crypto hack, Upbit is facing regulatory issues over potential Know Your Customer (KYC) violations. On November 14, South Korea’s Financial Intelligence Unit (FIU) flagged the exchange for accepting incomplete or blurry identification documents from users during the business licence renewal process. The FIU has identified up to 600,000 potential violations, raising serious concerns about Upbit’s compliance with local laws and international standards.

KYC requirements are critical in the cryptocurrency industry because they help prevent money laundering and other illicit activities. The potential fines for these violations could reach $71,500 per case, which would result in significant financial penalties if all violations are confirmed. This issue, combined with the 2019 hack, adds more pressure on the exchange as it faces heightened scrutiny from regulators.


Why North Korea Targets Crypto Exchanges: The Bigger Picture

The involvement of North Korea in the Upbit hack raises important questions about the country’s strategy in cybercrime and cryptocurrency. State-sponsored hacking groups, such as Lazarus, have increasingly turned to cryptocurrency theft as a means of raising funds for the North Korean regime, which is subject to severe international sanctions.

Cryptocurrencies, due to their decentralised nature and the relative anonymity they offer, are becoming the preferred choice for state actors and cybercriminals alike. North Korea is believed to have used the proceeds from these hacks to support its nuclear programme and evade economic sanctions.

The scale of this attack—along with the sophisticated laundering techniques employed—illustrates just how much the cryptocurrency space has become a battleground for nation-state actors. For cryptocurrency exchanges, this is a wake-up call to enhance their security measures and compliance protocols to prevent similar attacks in the future.


What Does This Mean for the Future of Cryptocurrency Security?

The Upbit hack is a clear indication that exchanges must strengthen their security protocols and ensure they comply with international anti-money laundering (AML) and Know Your Customer (KYC) regulations. For the broader crypto industry, this event underscores the importance of:

  • Enhanced security measures: Ensuring that hot wallets, private keys, and other sensitive data are protected with the highest level of encryption and security protocols.
  • Stronger compliance: Exchanges need to adopt rigorous KYC and AML procedures to prevent illicit activities, such as money laundering and terrorist financing.
  • Global cooperation: The global nature of cryptocurrency means that countries and regulators must work together to track and stop state-sponsored cybercrime.

The Importance of Regulatory Frameworks in Cryptocurrency

The Upbit hack and the subsequent KYC violations raise a critical issue for the cryptocurrency industry—the need for stronger regulatory frameworks. As the crypto market continues to grow, the risk of large-scale attacks and financial crimes also rises. Governments and industry stakeholders must work together to establish:

  • Global regulatory standards for cryptocurrency exchanges, ensuring that exchanges adhere to security and compliance best practices.
  • Collaboration between governments and agencies to track and prevent state-sponsored cybercrime in the crypto space.

Without proper oversight, the crypto industry risks becoming a haven for criminals, hackers, and rogue states looking to exploit its vulnerabilities.


Conclusion: A Wake-Up Call for the Cryptocurrency Industry

The $50 million Upbit hack, attributed to North Korean hackers, is a stark reminder of the vulnerabilities within the cryptocurrency sector. This event highlights the increasing sophistication of cyberattacks and the urgent need for robust security measures and regulatory compliance. For exchanges like Upbit, strengthening security and compliance protocols is no longer optional—it is essential for survival in a rapidly evolving and dangerous landscape.

