
  • North Korean hackers stole 342K ETH from Upbit in 2019 and laundered it through exchanges in over 51 countries.
  • Investigations by South Korea and the FBI traced crypto trails, recovering only 4.8 BTC from the billion-dollar theft.

In 2019, North Korean hackers carried out one of the most significant cryptocurrency heists in history, taking 342,000 Ethereum (ETH) worth around $41.5 million from the South Korean exchange Upbit.

Since the value of the stolen ETH has skyrocketed to around $1 billion, the attack's long-lasting effects have become even more important. The incident highlighted not only weaknesses in crypto systems but also the role state-sponsored cybercrime plays in circumventing global sanctions.

Using covert exchanges and laundering techniques spread across 51 countries, the hackers quickly converted more than 57% of the funds into Bitcoin, making recovery attempts quite difficult.

Unraveling North Korea's Cyber Heists and Laundering Tactics

A thorough inquiry involving the FBI and South Korean officials linked the crime to Lazarus Group and Andariel, both connected to North Korea's intelligence branch, the General Reconnaissance Bureau. Following crypto traces and identifying IP addresses used during the operation were part of the forensic process.

Despite these efforts, just 4.8 BTC, a small portion of the stolen funds, has been recovered. This limited recovery highlights the technical complexity of the laundering process and the challenges of recovering large sums of stolen cryptocurrency.

Furthermore, the North Korean government is using cyberattacks as a strategic tool for income generation, notably to support its nuclear aspirations. Similar actions include the theft of $600 million from the Ronin Network and $100 million from the Harmony Protocol.

These events show the regime's growing expertise in exploiting digital weaknesses, and they point to an increasing tendency toward large-scale attacks on decentralized financial systems.

Adding yet another level of cyber capability, North Korea has been accused of using malware to steal crypto keys. As previously reported by CNF, the BlueNoroff hacker organization embedded malware in decoy PDF files, thereby exploiting macOS computers.

Aimed at unsuspecting users, these files are sent via phishing emails disguised as essential crypto information.